I use the GovReady script as a front end to remotely scan a collection of RHEL/7 instances. The remote instances have to have oscap-scanner installed, and the user should have sudo capability. I have some of this packed up in ansible roles, but the vagrant testing platform broke in an update a while back and I haven't fixed that yet (pull requests welcome!). The roles needed would be:
https://galaxy.ansible.com/CivicActions/govready/ https://galaxy.ansible.com/CivicActions/openscap/ https://galaxy.ansible.com/CivicActions/scap-security-guide/ Hope this helps, =Fen Fen Labalme, CISO at CivicActions.com Security | Quality | DevOps mobile: 412-996-4113 github/skype/twitter: openprivacy On Tue, Apr 4, 2017 at 3:29 PM, Gary Gapinski <gapin...@nasa.gov> wrote: > On 04/04/2017 02:41 PM, Mohanraj, Bharath wrote: > > Hi Open SCAP Team, > > Can someone help me know how OSCAP scanner can be used on a installed on a > RHEL 7. > > Any pointers or doc notes will really help. > > I tried the below command, but no luck. > > ************************************* > [root@vl-pun-mar-dv15 bin]# yum -y install openscap-scanner > > > Unsure why that did not work. > > [gapinski@rhel7 ~]$ yum info openscap-scanner > Loaded plugins: langpacks, product-id, search-disabled-repos, > subscription-manager > Repo rhel-7-workstation-extras-rpms forced skip_if_unavailable=True due to: > /etc/pki/entitlement/7249779218571624439-key.pem > Repo rhel-7-workstation-optional-rpms forced skip_if_unavailable=True due to: > /etc/pki/entitlement/7249779218571624439-key.pem > Repo rhel-7-workstation-rpms forced skip_if_unavailable=True due to: > /etc/pki/entitlement/7249779218571624439-key.pem > Installed Packages > Name : openscap-scanner > Arch : x86_64 > Version : 1.2.10 > Release : 3.el7_3 > Size : 112 k > Repo : installed > >From repo : rhel-7-workstation-rpms > Summary : OpenSCAP Scanner Tool (oscap) > URL : http://www.open-scap.org/ > License : LGPLv2+ > Description : The openscap-scanner package contains oscap command-line tool. > The oscap > : is configuration and vulnerability scanner, capable of > performing > : compliance checking using SCAP content. > > [gapinski@rhel7 ~]$ > > > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list >
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list