How to Run a SCANΒΆ

  1. Download the latest SSG Release OVAL ZIP file onto the target system

  2. Unzip the downloaded file and cd into the directory

  3. Make sure that you have the openscap-scanner package installed

  4. Run oscap xccdf eval --profile <profile_name> --results ~/scan-output.xml \ --report ~/scan-output.html ssg-<OS>-ds.xml

    • You can get the list of available profiles by running oscap info ssg-<OS>-ds.xml

    • For example, to run the STIG profile on CentOS 7, you would run the following command:

      oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa \
      --results ~/scan-output.xml --report ~/scan-output.html ssg-centos7-ds.xml