jOVAL is an
open-source Java OVAL interpreter. The first open-source OVAL interpreter that
could perform remote scanning without installation of any agent on a host.
However, it
seems that jOVAL Team, whose contribution in OVAL development sure enough is
huge, does not very interested in development of open-source product anymore.
Nowadays
only default plugin is available for open-source version on jOVAL engine. All binary
packages since 5.10.1.2b are not publically available. The only
way to get jOVAL with remote scanning option is to purchase jOVAL Professional
Edition ($1,000 per user per year).
I tried to
figure out the situation with available source codes of jOVAL.
First, I
was able to build it and it works. The only comment about building: for current
jOVAL master you should use jPE branch 1.0.1 (not master!) and jSAF branch
1.1.2.
The second
thought is that it could be used for remote scanning with some bash magic, and
it works fast enough.
I have just
copied jovaldi dist to remote RHEL host and started default plugin job with
RHEL OVAL patch content and then received results back.
Html
results:
Hi Alexander, thanks for checking out the jOVAL community edition! Feel free to ask us any questions you may have using the contact page: http://joval.org/contact
ReplyDelete