From Openscap

Revision as of 11:54, 10 August 2012; view current revision
Documentation

Usage

Scanning

There are various alternatives:

Evaluation of a chosen XCCDF profile (the data for the checking engine, OVAL, must be provided)

$ oscap xccdf eval --profile Desktop --results xccdf-results.xml scap-xccdf.xml

Evaluation of all OVAL definitions in a file

$ oscap oval eval --results oval-results.xml scap-oval.xml

Evaluation of a single chosen OVAL definition

$ oscap oval eval --id oval:rhel:def:1000 --results oval-results.xml scap-oval.xml
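The xccdf-results.xml file written by --results can be summarized by a script, for example to gate a deployment on failed rules. The following is an added example, not part of OpenSCAP or of this page; the sample document and its rule ids are constructed, and the exit status 2 is this script's own convention.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape of an XCCDF 1.1 results file; ids are made up.
SAMPLE = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="constructed-benchmark">
  <TestResult id="constructed-result">
    <rule-result idref="rule-example-a"><result>pass</result></rule-result>
    <rule-result idref="rule-example-b"><result>fail</result></rule-result>
    <rule-result idref="rule-example-c"><result>notselected</result></rule-result>
    <rule-result idref="rule-example-d"><result>error</result></rule-result>
  </TestResult>
</Benchmark>"""

# Results that should block a compliance gate: a failed rule, or a rule whose
# check could not be evaluated (compliance is then unproven, not passed).
BLOCKING = {"fail", "error", "unknown"}

def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 files parse alike."""
    return tag.rsplit("}", 1)[-1]

def rule_results(xml_data):
    """Return {rule idref: result} from the last TestResult in the document."""
    root = ET.fromstring(xml_data)
    tests = [e for e in root.iter() if local(e.tag) == "TestResult"]
    if not tests:
        raise ValueError("no TestResult element: not an XCCDF results file")
    out = {}
    for rr in tests[-1]:
        if local(rr.tag) != "rule-result":
            continue
        texts = [c.text.strip() for c in rr if local(c.tag) == "result" and c.text]
        # A rule-result without a result value is treated as unknown, not as pass.
        out[rr.get("idref")] = texts[0] if texts else "unknown"
    return out

def summarize(xml_data):
    """Return (count per result value, sorted ids of blocking rules)."""
    results = rule_results(xml_data)
    blocking = sorted(r for r, v in results.items() if v in BLOCKING)
    return Counter(results.values()), blocking

if __name__ == "__main__":
    # Usage: python summarize.py xccdf-results.xml (falls back to the sample).
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    counts, blocking = summarize(data)
    print(dict(counts))
    print("blocking rules:", blocking)
    sys.exit(2 if blocking else 0)
```

Only parse results files produced by your own scans this way; the standard-library XML parser is not hardened against maliciously constructed documents.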

Validation

Make sure that the SCAP content is valid.

$ oscap xccdf validate-xml scap-xccdf.xml

or

$ oscap oval validate-xml scap-oval.xml

Content Transformation

We provide several XSLT transformations that are handy when you want to transform a SCAP content XML file into a human-readable document.

Create Guide (see example)

$ oscap xccdf generate guide scap-xccdf.xml > guide.html

Create Guide plus Profile Checklist (see example)

$ oscap xccdf generate guide --profile Desktop scap-xccdf.xml > guide-checklist.html

XCCDF Scan Report (see example)

$ oscap xccdf generate report xccdf-results.xml > report-xccdf.html

OVAL Scan Report (see example)

$ oscap oval generate report oval-results.xml > report-oval.html

XCCDF report with additional info from failed OVAL tests (see example)

$ oscap xccdf generate report --oval-template oval-results.xml xccdf-results.xml > report-xccdf-oval.html

Debug

These are the instructions for debugging the library. They are very helpful for developers and users who want to help us with bug "hunting".

Compilation

Compilation is pretty straightforward.

  1. ./autogen.sh is for those who get fresh sources from the git repository. It requires autoconf, automake and libtool. If you use a release tarball, you can skip this step.
  2. ./configure && make builds the library. Dependencies may vary, depending on the features enabled by configure. By default you need: swig, libxml2-devel, rpm-devel, libgcrypt-devel, pcre-devel, python-devel, perl-devel, libcurl-devel, libxslt-devel, libtools installed on your system.
  3. make check runs the library self-checks.
  4. make install runs the installation procedure.

If you want to create a package for the Fedora or Red Hat Enterprise Linux distributions, you will need the spec files. These are available under the dist/{fedora,rhel5,rhel6} directories.

Script Check Engine

Script Check Engine (SCE) is an alternative check engine for XCCDF checklist evaluation. It is not part of any SCAP specification. It is a mechanism that allows you to call shell scripts from XCCDF. This approach might be suitable for various use cases, mostly when OVAL checks are not required. More information about SCE usage is available here.

Reference Manual

There is an online reference manual available for the OpenSCAP library. This manual is included in the release tarball and can be regenerated from the project sources with the Doxygen documentation system.

Windows

The library is developed mainly on the Linux platform, but we do our best to make it multi-platform. Here are short instructions on how to build it on Windows in the Cygwin environment.

Blog posts

  • Peter's posts about OpenSCAP news.
  • Simon's posts about Spacewalk integration.