Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

8.3.2. Running SCAP Workbench

After a successful installation of both, the SCAP Workbench utility and SCAP content, you can start using SCAP Workbench on your systems. For running SCAP Workbench from the GNOME Classic desktop environment, press the Super key to enter the Activities Overview, type scap-workbench, and then press Enter. The Super key appears in a variety of guises, depending on the keyboard and other hardware, but often as either the Windows or Command key, and typically to the left of the Spacebar key.
Open SCAP Security Guide Window

Figure 8.1. Open SCAP Security Guide Window

As soon as you start the utility, the Open SCAP Security Guide window appears. After a selection one of the guides, the SCAP Workbench window appears. This window consists of several interactive components, which you should become familiar with before you start scanning your system:
File
This menu list offers several options to load or save a SCAP-related content. To show the initial Open SCAP Security Guide window, click the menu item with the same name. Alternatively, load another customization file in the XCCDF format by clicking Open Other Content. To save your customization as an XCCDF XML file, use the Save Customization Only item. The Save All allows you to save SCAP files either to the selected directory or as an RPM package.
Customization
This combo box informs you about the customization used for the given security policy. You can select custom rules that will be applied for the system evaluation by clicking this combo box. The default value is (no customization), which means that there will be no changes to the used security policy. If you made any changes to the selected security profile, you can save those changes as an XML file by clicking the Save Customization Only item in the File menu.
Profile
This combo box contains the name of the selected security profile. You can select the security profile from a given XCCDF or data-stream file by clicking this combo box. To create a new profile that inherits properties of the selected security profile, click the Customize button.
Target
The two radio buttons enable you to select whether the system to be evaluated is a local or remote machine.
Selected Rules
This field displays a list of security rules that are subject of the security policy. Expanding a particular security rule provides detailed information about that rule.
Status bar
This is a graphical bar that indicates status of an operation that is being performed.
Fetch remote resources
This check box allows to instruct the scanner to download a remote OVAL content defined in an XML file.
Remediate
This check box enables the remediation feature during the system evaluation. If you check this box, SCAP Workbench will attempt to correct system settings that would fail to match the state defined by the policy.
Scan
This button allows you to start the evaluation of the specified system.
SCAP Workbench Window

Figure 8.2. SCAP Workbench Window