Linux Security: Performing a Compliance Scan and Active Remediation Using OSCAP

Linux Security: Performing a Compliance Scan and Active Remediation Using OSCAP

Install the Necessary Packages

  1. Become root
    • sudo su
  2. Install the OpenSCAP scanner and the SCAP security guide.
    yum install -y openscap-scanner scap-security-guide

Run a Compliance Scan with Remediation

  1. Use the following command to run a scan with remediation:oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Report from the Scan Results

  1. Run the following command to generate a report:oscap xccdf generate report scan-results.xml > scan-results.html


Share Tweet Send
0 Comments
Loading...
You've successfully subscribed to Songer Tech
Great! Next, complete checkout for full access to Songer Tech
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.