8.7.2. Auditing System Settings with SCAP Security Guide

The SCAP Security Guide (SSG) project's package, scap-security-guide, contains the latest set of security polices for Linux systems. Part of scap-security-guide is also a guidance for Red Hat Enterprise Linux 6 settings. To inspect the security content available with scap-security-guide, use the oscap info module:

~]$ oscap info /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

The output of this command is an outline of the SSG document and it contains available configuration profiles. To audit your system settings, choose a suitable profile and run the appropriate evaluation command. For example, the following command is used to assess the given system against a draft SCAP profile for Red Hat Certified Cloud Providers:

~]$ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp --results ssg-rhel6-xccdf-result.xml --report ssg-rhel6-report.html /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml