搜索

此内容没有您所选择的语言版本。

8.4.5. Validating SCAP Content

download PDF
Before you start using a security policy on your systems, you should first verify the policy in order to avoid any possible syntax or semantic errors in the policy. The oscap utility can be used to validate the security content against standard SCAP XML schemas. The validation results are printed to the standard error stream (stderr). The general syntax of such a validation command is the following:
oscap module validate [module_options_and_arguments] file
Where file is the full path to the file being validated. The only exception is the data stream module (ds), which uses the sds-validate operation instead of validate. Note that all SCAP components within the given data stream are validated automatically, and none of the components is specified separately, as can be seen in the following example:
~]$ oscap ds sds-validate /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
With certain SCAP content, such as OVAL specification, you can also perform a Schematron validation. The Schematron validation is slower than the standard validation but provides deeper analysis, and is thus able to detect more errors. The following SSG example shows typical usage of the command:
~]$ oscap oval validate --schematron /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.