Performing a Compliance Scan and Active Remediation Using OSCAP

Hands-On Lab

 

Length: 00:30:00

Difficulty: Intermediate

In this lab, we'll install and use openscap-scanner from the terminal. Using active remediation, we'll run a compliance scan that will permit OpenSCAP to fix any problems it finds. Then we'll create a report from the scan findings. Lastly, we'll review the report findings to see what OpenSCAP found and was able to remediate.

Introduction

In this lab, we'll install and use openscap-scanner from the terminal. We'll run a compliance scan that uses active remediation and will permit OpenSCAP to fix any problems it finds. Then we'll create a report from the scan findings. Lastly, we'll review the report findings to see what OpenSCAP found and was able to remediate.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Enter yes at the prompt.
  3. Enter your cloud_user password at the prompt.
  4. Become root.
    sudo su

Install the Necessary Packages

  1. Run the following command to install the scanner and the SCAP Security Guide content it evaluates against:
    yum install -y openscap-scanner scap-security-guide

Run a Compliance Scan with Remediation

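  1. Run the following command to evaluate the system against the rht-ccp profile. The --remediate option permits OpenSCAP to fix the problems it finds, and --results writes the findings to scan-results.xml: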
    oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Generate a Report from the Scan Results

  1. List the contents of the current directory.
    ls
  2. Run the following command to generate a report:
    oscap xccdf generate report scan-results.xml > scan-results.html
  3. List the contents of the current directory to verify that the report file was created.
    ls
  4. Install elinks.
    yum install -y elinks
  5. Open the report.
    elinks scan-results.html
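
To review the findings without paging through the HTML report, the following added example (not part of the original lab) counts the rule results in an XCCDF results file such as scan-results.xml and lists the rules that remediation did not resolve. It assumes the standard XCCDF rule-result and result elements, reads the last TestResult in the file, and treats fail, error and unknown as still open; the embedded sample and its rule ids are constructed.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample, not real scan output; the rule ids are made up.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
  <TestResult id="constructed_testresult">
    <rule-result idref="example_rule_a"><result>pass</result></rule-result>
    <rule-result idref="example_rule_b"><result>fixed</result></rule-result>
    <rule-result idref="example_rule_c"><result>fail</result></rule-result>
    <rule-result idref="example_rule_d"><result>notselected</result></rule-result>
  </TestResult>
</Benchmark>"""

NEEDS_ATTENTION = {"fail", "error", "unknown"}  # this example's choice


def local(tag):
    """Drop the '{namespace}' prefix so XCCDF 1.1 and 1.2 files both match."""
    return tag.rsplit("}", 1)[-1]


def summarise(xml_data):
    """Return (Counter of result values, sorted ids of rules still open)."""
    root = ET.fromstring(xml_data)
    tests = [e for e in root.iter() if local(e.tag) == "TestResult"]
    scope = tests[-1] if tests else root  # assumption: the last TestResult is current
    counts, open_rules = Counter(), []
    for rr in scope.iter():
        if local(rr.tag) != "rule-result":
            continue
        texts = [c.text.strip() for c in rr if local(c.tag) == "result" and c.text]
        result = texts[0] if texts else "unknown"
        if result == "notselected":  # rule is outside the chosen profile
            continue
        counts[result] += 1
        if result in NEEDS_ATTENTION:
            open_rules.append(rr.get("idref", "?"))
    return counts, sorted(open_rules)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    counts, open_rules = summarise(data)
    for result, n in counts.most_common():
        print(f"{result:15} {n}")
    for rule in open_rules:
        print("still open:", rule)
    sys.exit(1 if open_rules else 0)
```

Pass scan-results.xml as the first argument; with no argument the script runs on the embedded sample. Rules reported as fixed are the ones OpenSCAP remediated, and a non-zero exit status means at least one rule is still open.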

Conclusion

Congratulations, you've successfully completed this hands-on lab!