OpenSCAP
- SCAP（Security Content Automation Protocol）にもとづいた脆弱性診断を行ってくれるツール
試す
環境
# cat /etc/redhat-release ; uname -a
CentOS Linux release 7.5.1804 (Core)
Linux master 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
インストール
パッケージ
# yum install openscap-utils
SCAP Security Guide
# yum install scap-security-guide
# rpm -ql scap-security-guide-0.1.40-12.el7.centos.0.1.noarch | grep \.xml$
/usr/share/xml/scap/ssg/content/ssg-centos6-ds.xml
/usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml
/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
/usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
/usr/share/xml/scap/ssg/content/ssg-firefox-cpe-dictionary.xml
/usr/share/xml/scap/ssg/content/ssg-firefox-cpe-oval.xml
/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml
/usr/share/xml/scap/ssg/content/ssg-firefox-ocil.xml
/usr/share/xml/scap/ssg/content/ssg-firefox-oval.xml
/usr/share/xml/scap/ssg/content/ssg-firefox-xccdf.xml
/usr/share/xml/scap/ssg/content/ssg-jre-cpe-dictionary.xml
/usr/share/xml/scap/ssg/content/ssg-jre-cpe-oval.xml
/usr/share/xml/scap/ssg/content/ssg-jre-ds.xml
/usr/share/xml/scap/ssg/content/ssg-jre-ocil.xml
/usr/share/xml/scap/ssg/content/ssg-jre-oval.xml
/usr/share/xml/scap/ssg/content/ssg-jre-xccdf.xml
/usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml
/usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-oval.xml
/usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
/usr/share/xml/scap/ssg/content/ssg-rhel6-ocil.xml
/usr/share/xml/scap/ssg/content/ssg-rhel6-oval.xml
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
/usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
/usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-oval.xml
/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
/usr/share/xml/scap/ssg/content/ssg-rhel7-ocil.xml
/usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml
/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
実行
# Evaluate the OVAL definitions in the CentOS 7 SCAP Security Guide source
# datastream against this host and write an HTML report named
# ssg-centos7-ds.html into the current working directory.
#
# `oval eval` runs the OVAL checks only: no XCCDF profile is selected, so the
# result is a per-definition true/false list rather than a pass/fail against a
# chosen baseline. For a profile-based compliance scan the usual form is
#   oscap xccdf eval --profile <PROFILE_ID> --report <REPORT.html> <DATASTREAM>
# NOTE(review): SSG content describes configuration hardening checks; it is
# not a CVE / missing-patch feed, so a clean report here does not mean the
# host is free of known vulnerabilities. Confirm against the intended use.
# NOTE(review): run as root (as in the install steps); probes that cannot read
# protected files presumably yield incomplete results otherwise.
# The report describes this host's security configuration in detail, so keep
# it out of world-readable or web-served directories.
oscap oval eval \
  --report ssg-centos7-ds.html \
  /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml