Open SCAP Scanning Lab

Hands-On Lab


Photo of John Marx

John Marx

Training Architect





This learning activity provides a hands-on experience with the Open SCAP Scanner. The student will use a lab server that has the OpenSCAP Workbench and Apache HTTP server installed. A shell script has been prepared to execute the scan, and the student may use their browser to view the report.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

OpenSCAP Scanning

In this learning activity the student will launch an Amazon EC2 cloud instance simply by starting the lab. This is automatic.

The Amazon Machine Image (AMI) file will install the OpenSCAP Scanner Software and also install the Apache httpd web server.

Note the variables for the learning activity

Once launched the student should record the following information:

The username, password and public IP address.

Log into the Amazon EC2 Instance Using SSH

After the instance has been created and you have noted the username, password and Public ip address, you may launch a terminal session on your local computer and execute the following SSH command:

$ ssh cloud_user@[Public ip address]

The command may ask you to affirm connection after displaying security information. Just input yes and press return.

The command will prompt you for the cloud_user password and then once entered return you to the command line prompt.

Execute the oscp command to run the OpenSCAP Scan

After you have used SSH to login to the Amazon instance you may execute the oscap utility by entering the following command.

$ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp 
  --results-arf arf.xml  
  --report /var/www/html/oscap.html  

The command should provide text output to the terminal as it runs and then return you to the command line prompt once it has completed execution.

View and Review the Report On Your Local Browser

Once the command has run and the student is returned to the Linux Command Line prompt, the student may execute any browser on their local machine.

In the browser, enter the following Uniform Resource Locator in the address bar of the web browser:

http://[The IP Address For The EC2 Instance]/oscap.html

Once that address is input, the report should come up.

The student should review the report and familiarize themself with the type of checks done on a cloud server.

That completes the lab, and the student may proceed to the next lesson in the course content.