126.96.36.199. OpenSCAP Offline Remediation
Offline remediation allows you to postpone fix execution. In first step, the system is only evaluated, and the results are stored in a
TestResultelement in an XCCDF file.
In the second step,
oscapexecutes the fix scripts and verifies the result. It is safe to store the results into the input file, no data will be lost. During offline remediation, OpenSCAP creates a new
TestResultelement that is based on the input one and inherits all the data. The newly created
TestResultdiffers only in the
rule-resultelements that have failed. For those, remediation is executed.
To perform offline remediation using the scap-security-guide package, run:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-xccdf-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
oscap xccdf remediate --results scan-xccdf-results.xml scan-xccdf-results.xml