← 返回命令列表

Linux command

oscap 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Show profiles and metadata

oscap info [content.xml]

Scan system against an XCCDF profile

oscap xccdf eval --profile [profile_id] --results [results.xml] --report [report.html] [ssg-content.xml]

Scan and auto-remediate

oscap xccdf eval --remediate --profile [profile_id] [ssg-content.xml]

Allow downloading remote OVAL content

oscap xccdf eval --fetch-remote-resources --profile [profile_id] [ssg-content.xml]

Use a tailored profile

oscap xccdf eval --tailoring-file [tailoring.xml] --profile [tailored_profile_id] [ssg-content.xml]

Run an OVAL definitions file

oscap oval eval --results [results.xml] --report [report.html] [oval-definitions.xml]

Generate a remediation script

oscap xccdf generate fix --fix-type [bash|ansible|puppet] --profile [profile_id] --output [fix.sh] [content.xml]

说明

oscap is the OpenSCAP command-line tool for evaluating systems against SCAP (Security Content Automation Protocol) content. It can run XCCDF benchmarks, evaluate OVAL definitions for vulnerabilities or configuration issues, generate human-readable reports, and even apply remediations automatically. Typical content is shipped by the scap-security-guide (SSG) project as data-stream files such as /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml, providing profiles like xccdf_org.ssgproject.content_profile_cis or _pci-dss.

FAQ

What is the oscap command used for?

oscap is the OpenSCAP command-line tool for evaluating systems against SCAP (Security Content Automation Protocol) content. It can run XCCDF benchmarks, evaluate OVAL definitions for vulnerabilities or configuration issues, generate human-readable reports, and even apply remediations automatically. Typical content is shipped by the scap-security-guide (SSG) project as data-stream files such as /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml, providing profiles like xccdf_org.ssgproject.content_profile_cis or _pci-dss.

How do I run a basic oscap example?

Run `oscap info [content.xml]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

Where can I find more oscap examples?

This page includes 7 examples for oscap, plus related commands for nearby Linux tasks.