Linux Security: Performing a Compliance Scan and Active Remediation Using OSCAP

Install the Necessary Packages

  1. Become root
    • sudo su
  2. Install the OpenSCAP scanner and the SCAP security guide.
    yum install -y openscap-scanner scap-security-guide

Run a Compliance Scan with Remediation

  1. Use the following command to run a scan with remediation:oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Report from the Scan Results

  1. Run the following command to generate a report:oscap xccdf generate report scan-results.xml > scan-results.html

Full Video

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

A Website.

Up ↑

%d bloggers like this: