<div dir="ltr">I use the GovReady script as a front end to remotely scan a collection of RHEL/7 instances. The remote instances have to have oscap-scanner installed, and the user should have sudo capability. I have some of this packed up in ansible roles, but the vagrant testing platform broke in an update a while back and I haven't fixed that yet (pull requests welcome!). The roles needed would be:<div><br><div><a href="https://galaxy.ansible.com/CivicActions/govready/">https://galaxy.ansible.com/CivicActions/govready/</a><br></div><div><a href="https://galaxy.ansible.com/CivicActions/openscap/">https://galaxy.ansible.com/CivicActions/openscap/</a><br></div><div><a href="https://galaxy.ansible.com/CivicActions/scap-security-guide/">https://galaxy.ansible.com/CivicActions/scap-security-guide/</a><br></div><div><br></div><div>Hope this helps,</div><div>=Fen</div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Fen Labalme, CISO at CivicActions.com</div><div>Security | Quality | DevOps</div><div>mobile: 412-996-4113</div><div>github/skype/twitter: openprivacy</div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Apr 4, 2017 at 3:29 PM, Gary Gapinski <span dir="ltr"><<a href="mailto:gapinski@nasa.gov" target="_blank">gapinski@nasa.gov</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  

    
  
  <div bgcolor="#FFFFFF" text="#000000"><span class="">
    <div class="m_-7233959130322562566moz-cite-prefix">On 04/04/2017 02:41 PM, Mohanraj,
      Bharath wrote:<br>
    </div>
    <blockquote class="m_-7233959130322562566cite" id="m_-7233959130322562566mid_6dd3b20b18584179bade4a81cecda35d_phx_exmbprd_02_adprod_bmc_com" type="cite">
      <pre>Hi Open SCAP Team,

Can someone help me know how OSCAP scanner can be used on a installed on a RHEL 7.

Any pointers or doc notes will really help.

I tried the below command, but no luck.

******************************<wbr>*******
 [root@vl-pun-mar-dv15 bin]# yum -y install openscap-scanner</pre>
    </blockquote>
    <br></span>
    Unsure why that did not work.<br>
    <pre>[gapinski@rhel7 ~]$ yum info openscap-scanner
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
Repo rhel-7-workstation-extras-rpms forced skip_if_unavailable=True due to: /etc/pki/entitlement/<wbr>7249779218571624439-key.pem
Repo rhel-7-workstation-optional-<wbr>rpms forced skip_if_unavailable=True due to: /etc/pki/entitlement/<wbr>7249779218571624439-key.pem
Repo rhel-7-workstation-rpms forced skip_if_unavailable=True due to: /etc/pki/entitlement/<wbr>7249779218571624439-key.pem
Installed Packages
Name        : openscap-scanner
Arch        : x86_64
Version     : 1.2.10
Release     : 3.el7_3
Size        : 112 k
Repo        : installed
>From repo   : rhel-7-workstation-rpms
Summary     : OpenSCAP Scanner Tool (oscap)
URL         : <a class="m_-7233959130322562566moz-txt-link-freetext" href="http://www.open-scap.org/" target="_blank">http://www.open-scap.org/</a>
License     : LGPLv2+
Description : The openscap-scanner package contains oscap command-line tool. The oscap
            : is configuration and vulnerability scanner, capable of performing
            : compliance checking using SCAP content.

[gapinski@rhel7 ~]$ 

</pre>
  </div>


<br>______________________________<wbr>_________________<br>
Open-scap-list mailing list<br>
<a href="mailto:Open-scap-list@redhat.com">Open-scap-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/open-scap-list" rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/open-scap-<wbr>list</a><br></blockquote></div><br></div>