此内容没有您所选择的语言版本。
8.4.6.2. OpenSCAP Offline Remediation
Offline remediation allows you to postpone fix execution. In first step, the system is only evaluated, and the results are stored in a
TestResult
element in an XCCDF file.
In the second step,
oscap
executes the fix scripts and verifies the result. It is safe to store the results into the input file, no data will be lost. During offline remediation, OpenSCAP creates a new TestResult
element that is based on the input one and inherits all the data. The newly created TestResult
differs only in the rule-result
elements that have failed. For those, remediation is executed.
To perform offline remediation using the scap-security-guide package, run:
~]$
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-xccdf-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
~]$
oscap xccdf remediate --results scan-xccdf-results.xml scan-xccdf-results.xml