8.3.3. Scanning the System
- Select a security policy by using either the Open SCAP Security Guide window, or
Open Other Contentin the File menu and search the respective XCCDF, SCAP RPM or data stream file.
WarningSelecting a security policy results in the loss of any previous customization changes that were not saved. To re-apply the lost options, you have to choose the available profile and customization content again. Note that your previous customizations may not be applicable with the new security policy.
- To use a pre-arranged a file with customized security content specific to your use case, you can load this file by clicking on the Customization combo box. You can also create a custom tailoring file by altering an available security profile. For more information, see Section 8.3.4, “Customizing Security Profiles”.
- Select the
(no customization)option if you do not want to use any customization for the current system evaluation. This is the default option if no previous customization was selected.
- Select the
(open customization file...)option to search for the particular tailoring file to be used for the current system evaluation.
- If you have previously used some customization file, SCAP Workbench remembers this file and adds it to the list. This simplifies repetitive application of the same scan.
- Select a suitable security profile by clicking the Profile combo box.
- To modify the selected profile, click the Section 8.3.4, “Customizing Security Profiles”.button. For more information about profile customization, see
- Select either of tworadio buttons to scan either a local or a remote machine.
- If you have selected a remote system, specify it by entering the user name, host name, and the port information as shown in the following example. If you have previously used the remote scan, you can also select a remote system from a list of recently scanned machines.
Figure 8.3. Specifying a Remote System
- You can allow automatic correction of the system configuration by selecting the SCAP Workbench attempts to change the system configuration in accordance with the security rules applied by the policy, should the related checks fail during the system scan.check box. With this option enabled,
WarningIf not used carefully, running the system evaluation with the remediation option enabled could render the system non-functional.
- Click thebutton to initiate the system scan.