8.4.4. Generating Reports and Guides

Another useful features of oscap is the ability to generate SCAP content in a human-readable format. The oscap utility allows you to transform an XML file into the HTML or plain-text format. This feature is used to generate security guides and checklists, which serve as a source of information, as well as guidance for secure system configuration. The results of system scans can also be transformed to well-readable result reports. The general command syntax is the following:

oscap module generate sub-module [specific_module/sub-module_options_and_arguments] file

where module is either xccdf or oval, sub-module is a type of the generated document, and file represents an XCCDF or OVAL file.

The following are the most common examples of the command usage:

Example 8.9. Generating a Guide with a Checklist

To produce an SSG guide with a checklist for the xccdf_org.ssgproject.content_profile_rht-ccp profile, run the following command:

~]$ oscap xccdf generate guide --profile xccdf_org.ssgproject.content_profile_rht-ccp /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml > ssg-guide-checklist.html

The guide will be stored as the ssg-guide-checklist.html file in the current directory.

Example 8.10. Transforming an SSG OVAL Scan Result into a Report

To transform a result of an SSG OVAL scan into a HTML file, run the following command:

~]$ oscap oval generate report scan-oval-results.xml > ssg-scan-oval-report.html

The result report will be stored as the ssg-scan-oval-report.html file in the current directory. This example assumes that you run the command from the same location where the scan-oval-results.xml file is stored. Otherwise you need to specify the fully-qualified path of the file that contains the scan results.

Example 8.11. Transforming an SSG XCCDF Scan Result into a Report

To transform a result of an SSG XCCDF scan into a HTML file, run the following command:

~]$ oscap xccdf generate report scan-xccdf-results.xml > scan-xccdf-report.html

The result report will be stored as the ssg-scan-xccdf-report.html file in the current directory. Alternatively, you can generate this report in the time of the scan using the --report command-line argument:

~]$ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp --resultsscan-xccdf-results.xml --report scan-xccdf-report.html /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

8.4.4. Generating Reports and Guides

Where did the comment section go?