Menu Close
Settings Close

Language and Page Formatting Options

8.3.3. 查看配置文件是否符合配置合规

在决定使用配置文件进行扫描或修复前,您可以使用 oscap info 子命令列出它们并检查其详细描述。

先决条件

  • openscap-scannerscap-security-guide 软件包已安装。

步骤

  1. 列出 SCAP 安全指南项目所提供的带有安全合规配置文件的所有可用文件:

    $ ls /usr/share/xml/scap/ssg/content/
    ssg-rhel9-ds.xml
  2. 使用 oscap info 子命令显示关于所选数据流的详细信息。包含数据流的 XML 文件由其名称中的 -ds 字符串表示。在 Profiles 部分,您可以找到可用的配置文件及其 ID 列表:

    $ oscap info /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
    Profiles:
    ...
      Title: Australian Cyber Security Centre (ACSC) Essential Eight
        Id: xccdf_org.ssgproject.content_profile_e8
      Title: Health Insurance Portability and Accountability Act (HIPAA)
        Id: xccdf_org.ssgproject.content_profile_hipaa
      Title: PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 9
        Id: xccdf_org.ssgproject.content_profile_pci-dss
    ...
  3. 从 data-stream 文件中选择一个配置文件,并显示所选配置文件的额外详情。为此,可使用带有 --profile 选项的 oscap info ,后跟上一命令输出中显示的 ID 的最后一部分。例如,HIPPA 配置文件的 ID 是: xccdf_org.ssgproject.content_profile_hipaa--profile 选项的值为 hipaa

    $ oscap info --profile hipaa /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
    ...
    Profile
    	Title: [RHEL9 DRAFT] Health Insurance Portability and Accountability Act (HIPAA)
    	Id: xccdf_org.ssgproject.content_profile_hipaa
    
    	Description: The HIPAA Security Rule establishes U.S. national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.  This profile configures Red Hat Enterprise Linux 9 to the HIPAA Security Rule identified for securing of electronic protected health information. Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).

其他资源

  • scap-security-guide(8) man page