<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 11/20/12 4:50 PM, Daikawa, Neal DLA CTR INFORMATION OPERATIONS wrote: </div> <blockquote cite="mid:7C96A72104E37A45A65F37985364DF6504D957DE@PHL0SGEM006.AD.DLA.MIL" type="cite"> Does anyone have any documentation or point me in the right direction toward any documentation on how to get OpenSCAP installed and run a report on RHEL 6.2? <o:p></o:p> <o:p> </o:p> </blockquote> Content for RHEL6 is still in very active development. This list focuses mostly on the OpenSCAP interpreter, if you're interested in content I would recommend heading over to the SCAP Security Guide [1]. That's the place the RHEL6 STIG and other baselines are being developed. If you're after things which are 100% in RHEL, without using EPEL sources, the following should do the trick: Regardless, on a RHEL6 box: # yum install openscap-content openscap-utils The openscap-content package will deploy the following: # rpm -ql openscap-content /usr/share/openscap/scap-oval.xml /usr/share/openscap/scap-rhel6-oval.xml /usr/share/openscap/scap-rhel6-xccdf.xml /usr/share/openscap/scap-xccdf.xml To create a human readable guide of all this XML stuff: # oscap xccdf generate guide /usr/share/openscap/scap-xccdf.xml > /tmp/openscap-content.html $favoriteBrowser /tmp/openscap-content.html And then do a scan: # oscap xccdf eval --profile RHEL6-Default \ --results /tmp/`hostname`-openscap-content-results.xml \ --report /tmp/`hostname`-openscap-content-results.html \ /usr/share/openscap/scap-xccdf.xml [1] <a class="moz-txt-link-freetext" href="https://fedorahosted.org/scap-security-guide/">https://fedorahosted.org/scap-security-guide/</a> </body> </html>