#OpenSCAP Open Source Security Compliance Solution ##About The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents. Homepage of the project is http://www.open-scap.org Documenation is on http://www.open-scap.org/page/Documentation ##Compilation 1) Get fresh sources from repository: ``` git clone https://github.com/OpenSCAP/openscap.git ``` 2) Run the folllowing script: ``` ./autogen.sh ``` The autoconf, automake, and libtool tools are required to be installed on your system. 3) Run the following commands to build the library: ``` ./configure make ``` Build dependencies: (some of these can be turned off via configure) * libacl-devel * libcap-devel * libcurl-devel * libgcrypt-devel * libselinux-devel * libxml2-devel * libxslt-devel * make * openldap-devel * pcre-devel * perl-XML-Parser * perl-XML-XPath * perl-devel * python-devel * rpm-devel * swig 4) Run library self-checks by executing the following command: ``` make check ``` 5) Run the installation procedure by executing the following command: ``` make install ``` ##Use cases ###SCAP Content Validation * The following example shows how to validate a given source data stream; all components within the data stream are validated (XCCDF, OVAL, OCIL, CPE, and possibly other components): ``` oscap ds sds-validate scap-ds.xml ``` ###Scanning * To evaluate all definitions within the given OVAL Definition file, run the following command: ``` oscap oval eval --results oval-results.xml scap-oval.xml ``` *where scap-oval.xml is the OVAL Definition file and oval-results.xml is the OVAL Result file.* * To evaluate all definitions from the OVAL component that are part of a particular data stream within a SCAP data stream collection, run the following command: ``` oscap oval eval --datastream-id ds.xml --oval-id xccdf.xml --results oval-results.xml scap-ds.xml ``` *where ds.xml is the given data stream, xccdf.xml is an XCCDF file specifying the OVAL component, oval-results.xml is the OVAL Result file, and scap-ds.xml is a file representing the SCAP data stream collection.* * To evaluate a specific profile in an XCCDF file run this command: ``` oscap xccdf eval --profile Desktop --results xccdf-results.xml --cpe cpe-dictionary.xml scap-xccdf.xml ``` *where scap-xccdf.xml is the XCCDF document, Desktop is the selected profile from the XCCDF document, xccdf-results.xml is a file storing the scan results, and cpe-dictionary.xml is the CPE dictionary.* * To evaluate a specific XCCDF benchmark that is part of a data stream within a SCAP data stream collection run the following command: ``` oscap xccdf eval --datastream-id ds.xml --xccdf-id xccdf.xml --results xccdf-results.xml scap-ds.xml ``` *where scap-ds.xml is a file representing the SCAP data stream collection, ds.xml is the particular data stream, xccdf.xml is ID of the component-ref pointing to the desired XCCDF document, and xccdf-results.xml is a file containing the scan results.* ###Document generation * without XCCDF rules ``` oscap xccdf generate guide XCCDF-FILE > XCCDF-GUIDE-FILE ``` * with XCCDF rules rules ``` oscap xccdf generate guide --profile PROFILE XCCDF-FILE > XCCDF-GUIDE-FILE ``` * generate report from scanning ``` oscap xccdf generate report XCCDF-RESULT-FILE > XCCDF-REPORT-FILE ```