@CalvinHartwell
Last active April 16, 2025 08:23
Revisions

  1. CalvinHartwell revised this gist Sep 18, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion 18.04-openscap.md
    @@ -24,7 +24,7 @@ Then you can build the content for 18.04:

    ## Running a Scan

    After installing the command-line tool and the SCAP secuyrity guide, the policies can be found in directory:
    After installing the command-line tool and the SCAP security guide, the policies can be found in directory:
    ```
    /usr/share/scap-security-guide/
    ```
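
    Review bot: The corrected sentence still ends "can be found in directory:", which is missing an article. Since this line is already being touched, change it to "can be found in the directory:".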
  2. CalvinHartwell revised this gist Sep 18, 2019. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions 18.04-openscap.md
    @@ -49,9 +49,11 @@ sudo cp /home/calvinh/content/build/ssg-ubuntu1804-cpe-dictionary.xml /usr/share
    ```

    and to run a scan:

    ```
    oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results xccdf_org.ssgproject.content_profile_standard.xml --report xccdf_org.ssgproject.content_profile_standard.html ssg-ubuntu1804-ds-1.2.xml
    ```

    You should now receive a set of results of the scan.


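    Review bot: The added closing sentence "You should now receive a set of results of the scan." does not say where the results end up. The command above it writes them to the files passed to --results and --report (xccdf_org.ssgproject.content_profile_standard.xml and xccdf_org.ssgproject.content_profile_standard.html), so name those files in the sentence. The input ssg-ubuntu1804-ds-1.2.xml is also given as a relative path, so state which directory the command has to be run from.
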
  3. CalvinHartwell created this gist Sep 18, 2019.
    57 changes: 57 additions & 0 deletions 18.04-openscap.md
    @@ -0,0 +1,57 @@
    # Using OpenSCAP on Ubuntu 18.04 LTS

    ## Installation Instructions

    First we install the following packages to use the openscap command-line tool:
    sudo apt-get install libopenscap8 python-openscap

    We will also install the SCAP security guide:
    sudo apt install ssg-base ssg-debderived ssg-debian ssg-nondebian ssg-applications

    Please note that both of these packages come from Universe and are not covered by Ubuntu Advantage by default.
    Details of the packages can be found here: [https://packages.ubuntu.com/search?suite=bionic&searchon=names&keywords=ssg](https://packages.ubuntu.com/search?suite=bionic&searchon=names&keywords=ssg).

    However, we would recommend pulling the latest OpenSCAP security guide from github to get the latest scans:
    ```
    apt-get install cmake make expat libopenscap8 libxml2-utils ninja-build python3-jinja2 python3-yaml xsltproc
    git clone https://github.com/ComplianceAsCode/content.git
    ```

    Then you can build the content for 18.04:
    ```
    ./build_product ubuntu18.04
    ```

    ## Running a Scan

    After installing the command-line tool and the SCAP secuyrity guide, the policies can be found in directory:
    ```
    /usr/share/scap-security-guide/
    ```

    or if you built from source:

    ```
    /home/calvinh/content/build/
    ```

    There is a bug with Debian (https://github.com/ComplianceAsCode/content/issues/2421) which is fixed by the following procedure:

    ```
    configure openscap to specify its cpe dir to point to scap-security-guide dir, this will permit openscap to use the scap-security-guide cpe files for the xccdf evaluation
    OR copy the scap-security-guide ssg-ubuntu1604-cpe*.xml in the default openscap cpe dir (/usr/share/openscap/cpe)
    ```

    So let's run the command:

    ```
    sudo cp /home/calvinh/content/build/ssg-ubuntu1804-cpe-dictionary.xml /usr/share/openscap/cpe/openscap-cpe-dict.xml
    ```

    and to run a scan:
    ```
    oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results xccdf_org.ssgproject.content_profile_standard.xml --report xccdf_org.ssgproject.content_profile_standard.html ssg-ubuntu1804-ds-1.2.xml
    ```
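
    Review bot: The "sudo cp /home/calvinh/content/build/ssg-ubuntu1804-cpe-dictionary.xml /usr/share/openscap/cpe/openscap-cpe-dict.xml" step under "Running a Scan" overwrites any existing dictionary at that path as root, with no backup. Add a step that copies the existing openscap-cpe-dict.xml aside first so the change can be reverted. The quoted workaround just above it names ssg-ubuntu1604-cpe*.xml while the command copies the ubuntu1804 dictionary, so say explicitly that the 18.04 file is the one intended. The path /home/calvinh/content/build/ is specific to one user's home directory; a placeholder for the clone location would be clearer, and "./build_product ubuntu18.04" needs a cd into the cloned content directory before it. Under "Installation Instructions", the two install commands are not fenced like the later ones, and the "apt-get install cmake make ..." line lacks the sudo the other install commands use.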