7.6. Creating a Remediation Ansible Playbook to Align the System with a Specific Baseline
- The scap-security-guide package is installed on your system.
- Scan the system and save the results:
~]#oscap xccdf eval --profile ospp --results ospp-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
- Generate an Ansible playbook based on the file generated in the previous step:
~]#oscap xccdf generate fix --fix-type ansible --output ospp-remediations.yml ospp-results.xml
ospp-remediations.ymlfile contains Ansible remediations for rules that failed during the scan performed in step 1. After you review this generated file, you can apply it with the
- In a text editor of your choice, review that the
ospp-remediations.ymlfile contains rules that failed in the scan performed in step 1.