On Thu, Sep 01, 2011 at 06:37:52AM -0400, Jan Muhammad wrote: >Hello Group, > >I am wondering has anyone of experience on translating Open Vulnerability >Assessment Language (OVAL) vulnerability descriptions into CFengine policy >rules? As CFengine offers a powerful distributed agent framework that if >combined with the OVAL vulnerability language, can provide an efficient >strategy for aligning security aspects on autonomic environments. > >Similarly, I came across (SCAP-- >http://scap.nist.gov/<https://owa2.dcs.gla.ac.uk/owa/redir.aspx?C=d99318281ebb430dbd65ec33cb474b4c&URL=http%3a%2f%2fscap.nist.gov%2f>) > which uses six different components such as OVAL, XCCDF and also includes a >list of all known security related software flaws (CVE), a list of known >software configuration issues (CCE), and a list of standard vendor and product >names (CPE).
Any particular reason why this link points off to some site in the UK? The actual site (http://scap.nist.gov/) is valid, and has good stuff. I've done a tiny, tiny bit for checking for specific CVEs, but nothing comprehensive. It'd be an intersting project though. >Can anyone share any experiences on SCAP or OVAL consideration while >implementing CFengine. > >Thanks in advance for help. > >-Jan > >_______________________________________________ >Help-cfengine mailing list >Help-cfengine@cfengine.org >https://cfengine.org/mailman/listinfo/help-cfengine -- Jesse Becker NHGRI Linux support (Digicon Contractor) _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
