Created
November 26, 2021 09:15
-
-
Save antaln/9549358a01169e6193910c99ab543a66 to your computer and use it in GitHub Desktop.
Script to modify RHEL8 OVAL file to evaluate Rocky Linux 8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# sed script to replace RHEL8 OVAL definition to evaluate with Rocky Linux | |
# signature detection | |
s/199e2f91fd431d51/15af5dac6d745a60/g | |
# centos detection | |
s/\^redhat-release/\^rocky-release/g | |
s@/etc/redhat-release@/etc/rocky-release@g | |
# rocky uses module_, while RHEL8 uses module+ | |
# module comparison: strip the module release sequence and commit SHA | |
# | |
# IMPORTANT: this makes module version checks inexact | |
# consequence: if EVR is same between two patches, scan will report old package as vulnerable | |
# - assumption: modules version string is module-EVR-SEQ-GITCKSUM | |
# - guess: SEQ and GITCKSUM are artifacts of build and VCS | |
# - rocky and RHEL differ in SEQ and GITCKSUM. Mapping is impossible. | |
s/module+\([^+]*\)+[^+]*+[0-9a-zA-Z]*/module_\1/g |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment