Chapter 6. OpenSCAP
6.1. OpenSCAP Features
- A tool to verify a system confirms to a standardRHN Satellite Server has integrated OpenSCAP as an auditing feature from version 5.5. It allows you to schedule and view compliance scans for the system through the web interface.
- SCAP contentSCAP content can be created from scratch if you have an understanding of at least XCCDF or OVAL. Alternatively, another option exists. XCCDF content is frequently published online under open source licenses and this content may be customized to suit your needs instead.
NoteRed Hat supports the use of templates to evaluate your systems. However, custom content authoring of these templates is not supported.Some examples of these groups are:
- The United States Government Configuration Baseline (USGCB) for RHEL5 Desktop — Official SCAP content for desktops within federal agencies that has been developed at NIST in collaboration with Red Hat, Inc. and the United States Department of Defense (DoD) using OVAL.
- Community-provided content
- SCAP Security Guide for RHEL6 — Active community-run content that sources from the USGCB requirements and widely-accepted policies and contains profiles for desktop, server, and ftp server.
- OpenSCAP Content for RHEL6 — The openscap-content package from the Red Hat Enterprise Linux 6 Optional Channel also provides default content guidance for Red Hat Enterprise Linux 6 systems via a template.