GovReady / govready

Toolkit for getting open source apps ready for secure, approved government use
GNU General Public License v3.0

Track we are using most current / appropriate version of Scap-security-guide and openscap #18

Closed gregelin closed 10 years ago

gregelin commented 10 years ago

How do we track versions?

gregelin commented 10 years ago

OpenScap

GitHub Last Release Version: 1.1.1 (Sep 26, 2014)

RHEL RPM Version: 1.0.8 (Jul 22, 2014)

CentOS RPM Version: 1.0.8 (Sep 3, 2014)

Scap-Security-Guide

GitHub Last Release Version: 0.1.19 (Sep 28, 2014)

RHEL RPM Version: 0.1.18 (Aug 28, 2014)

CentOS RPM Version: 0.1.18 (Aug 28, 2014)

Notes

"RHEL7 on the other hand needs OVAL 5.11 to be properly evaluated." - Steve Grubb

gregelin commented 10 years ago

There are multiple packages on RHEL 6.4 64bit: openscap, openscap-utils, openscap-engine-sce, and openscap-workbench

On my test machine build of RHEL64 64bit, openscap installed is 0.9.3 from 2012.

Running sudo yum install openscap upgrades openscap on RHEL64 to 1.0.8 from July 2014.

Installed Packages
Name        : openscap
Arch        : x86_64
Version     : 1.0.8
Release     : 1.el6_5.1
Size        : 42 M
Repo        : installed
From repo   : rhel-6-server-eus-rpms
Committer   : Lubos Kocman <lkocman@redhat.com>
Committime  : Tue Jul 22 12:00:00 2014
Buildtime   : Tue Jul 22 11:57:45 2014
Install time: Sun Nov  2 21:52:24 2014
Installed by: System <unset>
Changed by  : vagrant <vagrant>
Summary     : Set of open source libraries enabling integration of the SCAP line of standards
URL         : http://www.open-scap.org/
License     : LGPLv2+
Description : OpenSCAP is a set of open source libraries providing an easier path
            : for integration of the SCAP line of standards. SCAP is a line of standards
            : managed by NIST with the goal of providing a standard language
            : for the expression of Computer Network Defense related information.

gregelin commented 10 years ago

CentOS package is 1.0.1 (Released Mar 26, 2014 and latest packaged: Sep 3, 2014)

Installed Packages
Name        : openscap
Arch        : x86_64
Version     : 1.0.8
Release     : 1.0.1.el6.centos.1
Size        : 42 M
Repo        : installed
From repo   : base
Committer   : Johnny Hughes <johnny@centos.org>
Committime  : Wed Sep  3 12:00:00 2014
Buildtime   : Wed Sep  3 15:22:58 2014
Install time: Sun Nov  2 19:53:06 2014
Installed by: vagrant <vagrant>
Changed by  : System <unset>
Summary     : Set of open source libraries enabling integration of the SCAP line of standards
URL         : http://www.open-scap.org/
License     : LGPLv2+
Description : OpenSCAP is a set of open source libraries providing an easier path
            : for integration of the SCAP line of standards. SCAP is a line of standards
            : managed by NIST with the goal of providing a standard language
            : for the expression of Computer Network Defense related information.

gregelin commented 10 years ago

Amazon Linux 2014.03 HVM ami-76817c1e x86-64 as per https://github.com/GovReady/govready/blob/master/Quickstart-Amazon-Linux.md

[ec2-user@ip-172-30-0-182 ~]$ yum -v info openscap
Loading "priorities" plugin
Loading "update-motd" plugin
Loading "upgrade-helper" plugin
Config time: 0.007
Yum version: 3.4.3
rpmdb time: 0.000
Setting up Package Sacks
pkgsack time: 0.005
Installed Packages
Name        : openscap
Arch        : x86_64
Version     : 1.0.3
Release     : 2.amzn1
Size        : 51 M
Repo        : installed
From repo   : /openscap-1.0.3-2.amzn1.x86_64
Committer   : Daniel Mach <dmach@redhat.com>
Committime  : Fri Jan 24 12:00:00 2014
Buildtime   : Fri Sep  5 12:20:55 2014
Install time: Sun Nov  2 22:15:02 2014
Installed by: EC2 Default User <ec2-user>
Changed by  : System <unset>
Summary     : Set of open source libraries enabling integration of the SCAP line of standards
URL         : http://www.open-scap.org/
License     : LGPLv2+
Description : OpenSCAP is a set of open source libraries providing an easier path
            : for integration of the SCAP line of standards. SCAP is a line of standards
            : managed by NIST with the goal of providing a standard language
            : for the expression of Computer Network Defense related information.
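
One way to automate the version comparison collected by hand in this thread, as an added example that is not GovReady's own code: it parses `yum info` records (abridged from the output above) and flags hosts whose installed openscap is older than the upstream release quoted in the thread. The function names `parse_yum_info`, `version_key` and `drift_report` are hypothetical, and the comparison covers plain dotted versions only.

```python
import re

# Upstream figure quoted in the thread (OpenSCAP GitHub last release).
UPSTREAM = {"openscap": "1.1.1"}

# `yum info openscap` records abridged from the comments above.
SAMPLES = {
    "RHEL 6.4": """Installed Packages
Name        : openscap
Version     : 1.0.8
Release     : 1.el6_5.1
Description : OpenSCAP is a set of open source libraries providing an easier path
            : for integration of the SCAP line of standards.
""",
    "CentOS": """Name        : openscap
Version     : 1.0.8
Release     : 1.0.1.el6.centos.1
""",
    "Amazon Linux 2014.03": """Loading "priorities" plugin
Name        : openscap
Version     : 1.0.3
Release     : 2.amzn1
""",
}

def parse_yum_info(text):
    """Return the 'Key : value' fields of one yum info record as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"(\w[\w ]*?)\s*:\s(.*)$", line)  # skips ' : ' continuation lines
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields

def version_key(version):
    """Numeric tuple for dotted upstream versions (not a full rpmvercmp)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def drift_report(samples, upstream=UPSTREAM):
    """Map each host label to (installed version, release, behind-upstream flag)."""
    report = {}
    for host, text in samples.items():
        f = parse_yum_info(text)
        behind = version_key(f["Version"]) < version_key(upstream[f["Name"]])
        report[host] = (f["Version"], f["Release"], behind)
    return report

for host, (ver, rel, behind) in drift_report(SAMPLES).items():
    print(f"{host:22}{ver}-{rel:20}{'BEHIND' if behind else 'current'}")
```

On a live host the record text would come from `yum info openscap` instead of the embedded samples.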