LinuxCommandLibrary

oscap

openSCAP scanner

TLDR

Scan system

$ oscap xccdf eval --profile [profile] [ssg-content.xml]
copy
Generate report
$ oscap xccdf eval --results [results.xml] --report [report.html] [content.xml]
copy
List profiles
$ oscap info [content.xml]
copy
Check CVE
$ oscap oval eval --results [results.xml] [oval-definitions.xml]
copy
Generate fix script
$ oscap xccdf generate fix --profile [profile] [content.xml]
copy

SYNOPSIS

oscap [module] [command] [options]

DESCRIPTION

oscap is the OpenSCAP scanner. Performs security compliance scanning.
The tool evaluates systems against SCAP content. Generates reports and fixes.

PARAMETERS

xccdf COMMAND

XCCDF operations.
oval COMMAND
OVAL operations.
eval
Evaluate content.
info
Show information.
--profile ID
Security profile.
--results FILE
Results file.
--report FILE
HTML report.
--help
Display help information.

CAVEATS

Requires SCAP content. Root for full scan. RHEL/CentOS focused content available.

HISTORY

OpenSCAP was created for security compliance scanning based on SCAP standards.

SEE ALSO

scap-workbench(1), lynis(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community