6.5.1. SCAP Scan Results¶
Components have different SCAP scans that apply to their systems.
The SCAP Security Guide is the general metric by which SIMP systems are measured.
The associated SCAP profile should be referenced in each associated document.
The following scan results are available for the various subsystems:
6.5.1.3. How to Run a SCAN¶
Download the latest SSG Release OVAL ZIP file onto the target system
Unzip the downloaded file and
cd
into the directoryMake sure that you have the
openscap-scanner
package installedRun
oscap xccdf eval --profile <profile_name> --results ~/scan-output.xml --report ~/scan-output.html ssg-<OS>-ds.xml
You can get the list of available profiles by running
oscap info ssg-<OS>-ds.xml
For example, to run the
STIG
profile onCentOS 7
, you would run the following command:oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --results ~/scan-output.xml --report ~/scan-output.html ssg-centos7-ds.xml