Skip to main content

Run an OpenSCAP Compliance Scan on a Host

Hands-On Lab

 

Photo of Bob Salmans

Bob Salmans

Training Architect

Length

00:30:00

Difficulty

Intermediate

In this lab, we will be installing OpenSCAP and scanning a host for compliance. OpenSCAP is a powerful tool used to scan hosts to validate compliance with predetermined rule sets. This allows us to identify where we fall out of compliance and remediate the identified issues.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Run an OpenSCAP Compliance Scan on a Host

Introduction

In this lab, we will be installing OpenSCAP and scanning a host for compliance. OpenSCAP is a powerful tool used to scan hosts to validate compliance with predetermined rule sets. This allows us to identify where we fall out of compliance and remediate the identified issues.

Solution

We will connect to our lab server using VNC. The IP address and credentials are provided in the hands-on lab page.

VNC connections will be different for each operating system:

  • For Mac users:
    • Open Finder
    • Press Command+K on your keyboard to bring up the Connect to server window
      • Alternatively, expand Go in the menu at the top of the screen and click Connect to Server
    • In the Connect to Server window, connect to vnc://<IP_ADDRESS>:5901, making sure to replace <IP_ADDRESS> with the IP address you are provided on the hands-on lab page
  • Windows users will need to install an application like VNC Viewer to connect.

Install SCAP Workbench

  1. To install SCAP Workbench, run the following command from Terminal on the lab server:

    sudo yum install -y scap-workbench

Scan the localhost for C2S compliance and create a report

  1. Open SCAP-Workbench
    • Applications Menu -> System Tools -> SCAP Workbench
  2. Choose RHEL7 when prompted to Select content to load:, then click the Load Content button
  3. From the Profile drop down, select C2S for Red Hat Enterprise Linux 7
  4. Click the radial button next to Local Machine for the Target
  5. Click the Scan button at the bottom to start the scan
  6. Once the scan is complete click Close in the Diagnostics window
  7. Click the Save Results drop down button and select HTML Report
  8. Type "scan_results.html" in the name and click Save

View the report

  1. Open Firefox on the lab server and navigate to file:///home/cloud_user/scan_results.html

Conclusion

Congratulations — you've completed this hands-on lab!