Linux Security: Performing a Compliance Scan and Active Remediation Using OSCAP
Austin Songer -
Install the Necessary Packages
Become root
sudo su
Install the OpenSCAP scanner and the SCAP security guide. yum install -y openscap-scanner scap-security-guide
Run a Compliance Scan with Remediation
Use the following command to run a scan with remediation:oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
Report from the Scan Results
Run the following command to generate a report:oscap xccdf generate report scan-results.xml > scan-results.html