linux:compliance_cis
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
linux:compliance_cis [2024/09/19 23:09] manu created |
linux:compliance_cis [2024/09/20 09:32] (current) manu |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| Install the package scap-security-guide to check compliance and remediation | Install the package scap-security-guide to check compliance and remediation | ||
| + | === Check === | ||
| + | Get more information on the profile related to CIS, using the profile id (visible after the Title in the ssg-rhel8-ds.xml file): xccdf_org.ssgproject.content_profile_cis | ||
| + | oscap info --profile xccdf_org.ssgproject.content_profile_cis /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml | ||
| + | |||
| + | Generate a result file and a html report using OpenSCAP scanner tool, CIS Benchmark version 1.0.0 | ||
| + | oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis --results scan_results.xml --report scan_report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml | ||
| + | |||
| + | |||
| + | === Remediation === | ||
| + | |||
| + | /usr/share/scap-security-guide/ansible/ | ||
| + | /usr/share/scap-security-guide/bash/ | ||
| + | /usr/share/scap-security-guide/kickstart/ | ||
| + | | ||
| + | Remediate using ansible | ||
| + | oscap xccdf generate fix --fix-type ansible --output PlaybookToRemediate.yml --result-id "" scan_results.xml | ||
linux/compliance_cis.1726780176.txt.gz · Last modified: 2024/09/19 23:09 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
