SupportConsoleDevelopersStart a trialContact

8.4.4. Generating Reports and Guides

Another useful features of oscap is the ability to generate SCAP content in a human-readable format. The oscap utility allows you to transform an XML file into the HTML or plain-text format. This feature is used to generate security guides and checklists, which serve as a source of information, as well as guidance for secure system configuration. The results of system scans can also be transformed to well-readable result reports. The general command syntax is the following: 
oscap module generate sub-module [specific_module/sub-module_options_and_arguments] file
where module is either xccdf or oval, sub-module is a type of the generated document, and file represents an XCCDF or OVAL file.
The following are the most common examples of the command usage:

Example 8.9. Generating a Guide with a Checklist

To produce an SSG guide with a checklist for the xccdf_org.ssgproject.content_profile_rht-ccp profile, run the following command: 
~]$ oscap xccdf generate guide --profile xccdf_org.ssgproject.content_profile_rht-ccp /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml > ssg-guide-checklist.html
The guide will be stored as the ssg-guide-checklist.html file in the current directory.

Example 8.10. Transforming an SSG OVAL Scan Result into a Report

To transform a result of an SSG OVAL scan into a HTML file, run the following command: 
~]$ oscap oval generate report scan-oval-results.xml > ssg-scan-oval-report.html
The result report will be stored as the ssg-scan-oval-report.html file in the current directory. This example assumes that you run the command from the same location where the scan-oval-results.xml file is stored. Otherwise you need to specify the fully-qualified path of the file that contains the scan results.

Example 8.11. Transforming an SSG XCCDF Scan Result into a Report

To transform a result of an SSG XCCDF scan into a HTML file, run the following command: 
~]$ oscap xccdf generate report scan-xccdf-results.xml > scan-xccdf-report.html
The result report will be stored as the ssg-scan-xccdf-report.html file in the current directory. Alternatively, you can generate this report in the time of the scan using the --report command-line argument: 
~]$ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp --resultsscan-xccdf-results.xml --report scan-xccdf-report.html /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.