Introduction
In part 1 of this series we were introduced to OpenSCAP and the process of running scans via the SCAP workbench. In part 2, we explored concepts and components that define security/vulnerability scans. In this 3rd post we are going to dive into the command line operation.
Let’s get started with oscap.
Installing oscap
In RHEL 7 oscap can be installed with the following command
# yum -y install scap-security-guide openscap-scanner
Content is installed under the following directory. Note that ssg is short for SCAP Security Guide.
/usr/share/xml/scap/ssg/content
Lets change directories to the one listed above and view the installed files.
Using oscap we can view more info on each file shown above. In this example we are going to inspect the ssg-rhel7-ds.xml file.
# oscap info ssg-rhel7-ds.xml