Sign in Subscribe
By Austin Songer in compliance

Linux Security: Performing a Compliance Scan and Active Remediation Using OSCAP

Linux Security: Performing a Compliance Scan and Active Remediation Using OSCAP

Install the Necessary Packages

  1. Become root
    • sudo su
  2. Install the OpenSCAP scanner and the SCAP security guide.
    yum install -y openscap-scanner scap-security-guide

Run a Compliance Scan with Remediation

  1. Use the following command to run a scan with remediation:oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Report from the Scan Results

  1. Run the following command to generate a report:oscap xccdf generate report scan-results.xml > scan-results.html

Previous

Linux Security: Run an OpenSCAP Compliance Scan on a Host

 Next

Linux Security: Working with the Audit Log

You might also like...