[Open-scap] OpenSCAP RHEL 6.2 Documentation
Shawn Wells
shawn at redhat.com
Wed Nov 21 03:34:06 UTC 2012
On 11/20/12 4:50 PM, Daikawa, Neal DLA CTR INFORMATION OPERATIONS wrote:
>
> Does anyone have any documentation or point me in the right direction
> toward any documentation on how to get OpenSCAP installed and run a
> report on RHEL 6.2?
>
Content for RHEL6 is still in very active development. This list focuses
mostly on the OpenSCAP interpreter, if you're interested in content I
would recommend heading over to the SCAP Security Guide [1]. That's the
place the RHEL6 STIG and other baselines are being developed.
If you're after things which are 100% in RHEL, without using EPEL
sources, the following should do the trick:
Regardless, on a RHEL6 box:
# yum install openscap-content openscap-utils
The openscap-content package will deploy the following:
# rpm -ql openscap-content
/usr/share/openscap/scap-oval.xml
/usr/share/openscap/scap-rhel6-oval.xml
/usr/share/openscap/scap-rhel6-xccdf.xml
/usr/share/openscap/scap-xccdf.xml
To create a human readable guide of all this XML stuff:
# oscap xccdf generate guide /usr/share/openscap/scap-xccdf.xml >
/tmp/openscap-content.html
$favoriteBrowser /tmp/openscap-content.html
And then do a scan:
# oscap xccdf eval --profile RHEL6-Default \
--results /tmp/`hostname`-openscap-content-results.xml \
--report /tmp/`hostname`-openscap-content-results.html \
/usr/share/openscap/scap-xccdf.xml
[1] https://fedorahosted.org/scap-security-guide/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20121120/a4fc0c5c/attachment.htm>
More information about the Open-scap-list
mailing list