Here is how to run the SCAP security audit on CentOS 6. I haven’t yet decided how to best integrate this test in my tool chain. I am torn between using this clunky and complex XML based tool or simply redoing it serverspec.
This post shows how to run it. It produces a very interesting report.
- Install the EPEL repository
- Install the SCAP packages:
yum install openscap-utils scap-security-guide -y
- Run this command:
oscap xccdf eval --profile common \
--report ~/report.html \
--results ~/results.xml \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
report.html in a web browser to see how you did. You can use your automated CM tool to correct the problems in your base configuration.