Using OpenSCAP to scan and harden your servers
Posted in Operating Systems, Linux, Security, Tools, Tips on Friday, January 20, 2017 by cam
Determine which profile you want to use: oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml replacing the –profile line as required.
Perform a scan:
oscap xccdf eval --report report.html --profile xccdf_org.ssgproject.content_profile_CS2 /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
Apply a remediation:
oscap xccdf eval --remediate --report report.html --profile xccdf_org.ssgproject.content_profile_CS2 /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml