Lab
A Cloud Guru

Performing a Compliance Scan and Active Remediation Using OSCAP

In this lab, we'll install and use openscap-scanner from the terminal. Using active remediation, we'll run a compliance scan that will permit OpenSCAP to fix any problems it finds. Then we'll create a report from the scan findings. Lastly, we'll review the report findings to see what OpenSCAP found and was able to remediate. *This course is not approved or sponsored by Red Hat.*

Try for free Contact sales

Path Info

Level

Intermediate

Duration

30m

Published

Jul 02, 2019

Challenge

Install the Necessary Packages
1. Become root.
```
sudo su 
```
1. Install the OpenSCAP scanner and the SCAP security guide.
```
yum install -y openscap-scanner scap-security-guide
```

Challenge

Run a Compliance Scan with Remediation

Use the following command to run a scan with remediation:

oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Challenge

Generate a Report from the Scan Results
1. Run the following command to generate a report:
```
oscap xccdf generate report scan-results.xml > scan-results.html
```

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.