Create a Custom Scan Policy with OpenSCAP

Hands-On Lab

 

Bob Salmans

Security Training Architect I in Content

Length: 00:30:00

Difficulty: Intermediate

In this hands-on lab, we will use the SCAP Workbench tool to create a custom policy and scan a host with it. SCAP Workbench comes with preconfigured rule sets, from which we can build custom policies to scan our environment for compliance with internal security policies.

Creating a Custom Scan Policy with OpenSCAP

Solution

We will connect to our lab server using VNC. The IP address and credentials are provided on the hands-on lab page.

VNC connections will be different for each operating system:

  • For Mac users:
    • Open Finder
    • Press Command+K on your keyboard to bring up the Connect to server window
      • Alternatively, expand Go in the menu at the top of the screen and click Connect to Server
    • In the Connect to Server window, connect to vnc://<IP_ADDRESS>:5901, making sure to replace <IP_ADDRESS> with the IP address you are provided on the hands-on lab page
  • Windows users will need to install an application like VNC Viewer to connect.

Create a Custom OpenSCAP Policy

  1. Open SCAP Workbench by navigating to Applications > System Tools > SCAP Workbench.
  2. Set Select content to load: to RHEL7.
  3. Click Load Content.
  4. Click the Customize button next to Profile.
  5. Provide a New Profile ID of "xccdf_org.ssgproject.custom_profile_1", and click OK.
  6. In the customizing window:
    1. Click Deselect All at the top.
    2. Under Services > Obsolete Services > Telnet, check the box next to Uninstall telnet-server Package.
    3. Under Services > FTP Server > Disable vsftpd if Possible, check the box next to Uninstall vsftpd Package.
    4. Under System Settings > Network Configurations and Firewalls > firewalld > Inspect and Activate Default firewalld Rules, check the boxes to Verify firewalld Enabled and Install firewalld.
  7. Click the OK button at the bottom of the customization window.
  8. In the SCAP Workbench window, navigate to File > Save Customization Only.
  9. Name the customization "custom_profile_1.xml", and click Save.
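
Before rolling a saved customization out to other hosts, it is worth confirming that the file selects exactly the rules the policy calls for. The following is an added example, not part of the original lab: it parses an XCCDF 1.2 tailoring file and reports any drift from the intended rule set. The sample XML and the rule IDs are constructed for illustration and assumed to correspond to the four boxes checked above; compare them against your own custom_profile_1.xml.

```python
import xml.etree.ElementTree as ET

NS = {"xccdf": "http://checklists.nist.gov/xccdf/1.2"}
PROFILE_ID = "xccdf_org.ssgproject.custom_profile_1"  # ID entered in step 5
RULE = "xccdf_org.ssgproject.content_rule_"

# Assumption: rule IDs matching the four boxes checked in step 6.
EXPECTED_RULES = {
    RULE + "package_telnet-server_removed",
    RULE + "package_vsftpd_removed",
    RULE + "service_firewalld_enabled",
    RULE + "package_firewalld_installed",
}

# Constructed sample of a saved customization (not captured from the lab host).
# It assumes deselected rules are written as explicit selected="false" entries.
SAMPLE_TAILORING = f"""<xccdf:Tailoring xmlns:xccdf="{NS['xccdf']}" id="sample_tailoring">
  <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"/>
  <xccdf:Profile id="{PROFILE_ID}">
    <xccdf:select idref="{RULE}package_telnet-server_removed" selected="true"/>
    <xccdf:select idref="{RULE}package_vsftpd_removed" selected="true"/>
    <xccdf:select idref="{RULE}service_firewalld_enabled" selected="true"/>
    <xccdf:select idref="{RULE}package_firewalld_installed" selected="true"/>
    <xccdf:select idref="{RULE}sshd_disable_root_login" selected="false"/>
  </xccdf:Profile>
</xccdf:Tailoring>"""

def selected_rules(tailoring_xml, profile_id):
    """Return the rule IDs that the named tailoring profile explicitly selects."""
    root = ET.fromstring(tailoring_xml)
    for profile in root.findall("xccdf:Profile", NS):
        if profile.get("id") == profile_id:
            # 'selected' is an XML boolean, so both "true" and "1" mean selected.
            return {s.get("idref") for s in profile.findall("xccdf:select", NS)
                    if s.get("selected") in ("true", "1")}
    raise ValueError(f"profile {profile_id!r} not found in tailoring file")

def policy_drift(tailoring_xml, profile_id, expected):
    """Compare the file's selections with the rules the policy calls for."""
    actual = selected_rules(tailoring_xml, profile_id)
    return {"missing": sorted(expected - actual),
            "unexpected": sorted(actual - expected)}

if __name__ == "__main__":
    print(policy_drift(SAMPLE_TAILORING, PROFILE_ID, EXPECTED_RULES))
```

To check a real file, pass the contents of custom_profile_1.xml in place of SAMPLE_TAILORING. Rules inherited through a profile's `extends` attribute are not examined by this check.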

Scan the Localhost with a Custom Profile

  1. In the SCAP Workbench window, set the Target to Local Machine.
  2. Click the Scan button at the bottom to start a scan using the custom profile.
  3. Once the scan has finished, click the Close button in the Diagnostics window.
  4. Click Save Results at the bottom, and select HTML Report.
  5. Name the report "scan_results.html", and click Save.

Conclusion

Congratulations on completing this hands-on lab!