Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

8.3.3. Scanning the System

The main functionality of SCAP Workbench is to perform security scans on a selected system in accordance with the given XCCDF or data stream file. To evaluate your system against the selected security policy, follow these steps:
  1. Select a security policy by using either the Open SCAP Security Guide window, or Open Other Content in the File menu and search the respective XCCDF, SCAP RPM or data stream file.

    Warning

    Selecting a security policy results in the loss of any previous customization changes that were not saved. To re-apply the lost options, you have to choose the available profile and customization content again. Note that your previous customizations may not be applicable with the new security policy.
  2. To use a pre-arranged a file with customized security content specific to your use case, you can load this file by clicking on the Customization combo box. You can also create a custom tailoring file by altering an available security profile. For more information, see Section 8.3.4, “Customizing Security Profiles”.
    1. Select the (no customization) option if you do not want to use any customization for the current system evaluation. This is the default option if no previous customization was selected.
    2. Select the (open customization file...) option to search for the particular tailoring file to be used for the current system evaluation.
    3. If you have previously used some customization file, SCAP Workbench remembers this file and adds it to the list. This simplifies repetitive application of the same scan.
  3. Select a suitable security profile by clicking the Profile combo box.
    1. To modify the selected profile, click the Customize button. For more information about profile customization, see Section 8.3.4, “Customizing Security Profiles”.
  4. Select either of two Target radio buttons to scan either a local or a remote machine.
    1. If you have selected a remote system, specify it by entering the user name, host name, and the port information as shown in the following example. If you have previously used the remote scan, you can also select a remote system from a list of recently scanned machines.
      Specifying a Remote System

      Figure 8.3. Specifying a Remote System

  5. You can allow automatic correction of the system configuration by selecting the Remediate check box. With this option enabled, SCAP Workbench attempts to change the system configuration in accordance with the security rules applied by the policy, should the related checks fail during the system scan.

    Warning

    If not used carefully, running the system evaluation with the remediation option enabled could render the system non-functional.
  6. Click the Scan button to initiate the system scan.