Run an OpenSCAP Compliance Scan on a Host

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

In this lab, we will be installing OpenSCAP and scanning a host for compliance. OpenSCAP is a powerful tool used to scan hosts to validate compliance with predetermined rule sets. This allows us to identify where we fall out of compliance and remediate the identified issues.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install SCAP Workbench
  1. Use VNC to connect to the lab server using it’s public IP address on port 5901.
  2. To install SCAP Workbench, run the following command:

    yum install -y scap-workbench
Scan the Localhost for C2S Compliance and Create a Report
  1. Open SCAP-Workbench
    • Applications Menu -> System Tools -> SCAP Workbench
  2. Choose RHEL7 when prompted to Select content to load:, then click the Load Content button
  3. From the Profile drop down, select C2S for Red Hat Enterprise Linux 7
  4. Click the radial button next to Local Machine for the Target
  5. Click the Scan button at the bottom to start the scan
  6. Once the scan is complete click Close in the Diagnostics window
  7. Click the Save Results drop down button and select HTML Report
  8. Type "scan_results.html" in the name and click Save

Additional Resources

Your supervisor has tasked you with setting up OpenSCAP to scan a host for C2S compliance. You'll need to install OpenSCAP and scan the localhost for compliance using the C2S profile in SCAP-Workbench. Once the scan is complete, create a report of the results named scan_results.html in the cloud_users home directory. The security team will review the report and make any necessary changes.

Connecting to the lab:

  • Use VNC on your computer to connect to the public IP address of the instance on port 5901 (x.x.x.x:5901).
  • RealVNC® Viewer or TightVNC Viewer are example VNC program options.
  • Log in with the username and password generated by the lab.
  • For MacOS, you can use finder built-in client by choosing Go,``Connect to Server and entering vnc://cloud_user@[Lab Provided Instance Public IP]:5901.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?