Open
banners

From Openscap

(Redirected from Osdd1 documentation)

Contents

[edit]

Documentation

[edit]

Library Compilation

Compilation is pretty straightforward.

  1. ./autogen.sh for those who get fresh sources from git repository. It requires: autoconf, automake, libtool. If you use release taball you can skip this step.
  2. ./configure && make build the library. Dependencies may very, it depends on enabled features(by configure). By default you need: swig, libxml2-devel, rpm-devel, libgcrypt-devel, pcre-devel, python-devel, perl-devel, libcurl-devel, libxslt-devel, libtools installed on your system.
  3. make check run library self-checks
  4. make install run installation procedure

If you want to create package for Fedora or Red Hat Enterprise Linux distribution, you will need the spec files. These are available under: dist/{fedora,rhel5,rhel6} directories.

[edit]

Scanning

There are various alternatives:

Evaluation of chosen XCCDF profile. (checking engine - OVAL data must be provided) 

$ oscap xccdf eval --profile Desktop --results xccdf-results.xml scap-xccdf.xml

Evaluation of all OVAL definitions 

$ oscap oval eval --results oval-results.xml scap-oval.xml

Evaluation of chosen OVAL definition 

$ oscap oval eval --id oval:rhel:def:1000 --results oval-results.xml scap-oval.xml
[edit]

Validation

Make sure that SCAP content is valid. 

$ oscap xccdf validate-xml scap-xccdf.xml

or 

$ oscap oval validate-xml scap-oval.xml
[edit]

Content Transformation

We provide different XSLT transformations that might be handy when you want to transform SCAP content XML file into human readable document.

Create Guide (see example) 

$ oscap xccdf generate guide scap-xccdf.xml > guide.html

Create Guide plus Profile Checklist (see example) 

$ oscap xccdf generate guide --profile Desktop scap-xccdf.xml > guide-checklist.html

XCCDF Scan Report (see example) 

$ oscap xccdf generate report xccdf-results.xml > report-xccdf.html

OVAL Scan Report (see example) 

$ oscap oval generate report oval-results.xml > report-oval.html

XCCDF report with additional info from failed OVAL tests (see example) 

$ oscap xccdf generate report --oval-template oval-results.xml xccdf-results.xml > report-xccdf-oval.html
[edit]

Reference Manual

There is an online reference manual available for OpenSCAP library. This manual is included in release tarball and can be regenerated from project sources by Doxygen documentation system.


[edit]

Script Check Engine

Script Check Engine(SCE) is an alternative check engine for XCCDF checklist evaluation. It's not part of any SCAP specification. It's a mechanism that allows you to call shell scripts out of XCCDF. This approach might be suitable for various use cases, mostly when OVAL checks are not required/needed. More information about SCE usage is available here.


[edit]

Building on windows

The library is developed mainly on Linux platform but we do our best to make it multi-platform. Here are short instructions how to build it on windows in cygwin environment.

[edit]

Blog

You might find some valuable information at Peter's blog

Retrieved from "http://www.open-scap.org/page/Documentation"
Views Article Discussion Edit History
Personal tools:  Log in / create account
Toolbox What links here Related changes Upload file Special pages Printable version