8.4.3. Scanning the System

The most important functionality of oscap is to perform configuration and vulnerability scans of a local system. The following is a general syntax of the respective command:

oscap [options] module eval [module_operation_options_and_arguments]

The oscap utility can scan systems against the SCAP content represented by both, an XCCDF (The eXtensible Configuration Checklist Description Format) benchmark and OVAL (Open Vulnerability and Assessment Language) definitions. The security policy can have a form of a single OVAL or XCCDF file or multiple separate XML files where each file represents a different component (XCCDF, OVAL, CPE, CVE, and others). The result of a scan can be printed to both, standard output and an XML file. The result file can be then further processed by oscap in order to generate a report in a human-readable format. The following examples illustrate the most common usage of the command.

~]$ oscap oval eval --results scan-oval-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

~]$ oscap oval eval --id oval:ssg:def:100 --results scan-oval-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

~]$ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-xccdf-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml