diff --git a/CMakeLists.txt b/CMakeLists.txt
index 76f70d015e..631af04661 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -337,7 +337,7 @@ cmake_dependent_option(ENABLE_OSCAP_UTIL_AS_RPM "enable the scap-as-rpm utility,
 cmake_dependent_option(ENABLE_OSCAP_UTIL_SSH "enables the oscap-ssh utility, this lets you scan remote machines over ssh" ON "NOT WIN32" OFF)
 cmake_dependent_option(ENABLE_OSCAP_UTIL_VM "enables the oscap-vm utility, this lets you scan VMs and VM storage images" ON "NOT WIN32" OFF)
 cmake_dependent_option(ENABLE_OSCAP_UTIL_PODMAN "enables the oscap-podman utility, this lets you scan Podman containers and container images" ON "NOT WIN32" OFF)
-cmake_dependent_option(ENABLE_OSCAP_UTIL_BOOTC "enables the oscap-bootc utility, this lets you build hardened bootable container images" ON "NOT WIN32" OFF)
+cmake_dependent_option(ENABLE_OSCAP_UTIL_IM "enables the oscap-im utility, this lets you build hardened bootable container images" ON "NOT WIN32" OFF)
 cmake_dependent_option(ENABLE_OSCAP_UTIL_CHROOT "enables the oscap-chroot utility, this lets you scan entire chroots using offline scanning" ON "NOT WIN32" OFF)
 option(ENABLE_OSCAP_UTIL_AUTOTAILOR "enables the autotailor utility that is able to perform command-line tailoring" TRUE)
 option(ENABLE_OSCAP_REMEDIATE_SERVICE "enables the oscap-remediate service" FALSE)
@@ -477,7 +477,7 @@ message(STATUS "scap-as-rpm: ${ENABLE_OSCAP_UTIL_AS_RPM}")
 message(STATUS "oscap-ssh: ${ENABLE_OSCAP_UTIL_SSH}")
 message(STATUS "oscap-vm: ${ENABLE_OSCAP_UTIL_VM}")
 message(STATUS "oscap-podman: ${ENABLE_OSCAP_UTIL_PODMAN}")
-message(STATUS "oscap-bootc: ${ENABLE_OSCAP_UTIL_BOOTC}")
+message(STATUS "oscap-im: ${ENABLE_OSCAP_UTIL_IM}")
 message(STATUS "oscap-chroot: ${ENABLE_OSCAP_UTIL_CHROOT}")
 message(STATUS "autotailor: ${ENABLE_OSCAP_UTIL_AUTOTAILOR}")
 message(STATUS " ")
diff --git a/docs/manual/manual.adoc b/docs/manual/manual.adoc
index b03a06f29d..4d1e807293 100644
--- a/docs/manual/manual.adoc
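Review bot: The first hunk of the top-level CMakeLists.txt renames the cache option `ENABLE_OSCAP_UTIL_BOOTC` to `ENABLE_OSCAP_UTIL_IM` with no fallback for the old name, so a build that still passes `-DENABLE_OSCAP_UTIL_BOOTC=OFF` has that choice ignored. Because the new option defaults to ON when `NOT WIN32` holds, the `if(ENABLE_OSCAP_UTIL_IM)` guard in utils/CMakeLists.txt then installs `oscap-im` anyway; the manual describes this tool as one that installs and removes packages and remediates the image, so a packager who excluded it on purpose should not get it back silently. Consider seeding the new option from the old one before it is declared, e.g. `if(DEFINED ENABLE_OSCAP_UTIL_BOOTC AND NOT DEFINED ENABLE_OSCAP_UTIL_IM)` followed by `set(ENABLE_OSCAP_UTIL_IM "${ENABLE_OSCAP_UTIL_BOOTC}" CACHE BOOL "deprecated alias, use ENABLE_OSCAP_UTIL_IM")` and `endif()`, ideally with a `message(DEPRECATION ...)` naming the new option. The same applies to the status line in the second hunk only insofar as it reports the new variable; no separate change is needed there.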
+++ b/docs/manual/manual.adoc @@ -2134,15 +2134,15 @@ registry.access.redhat.com/ubi8 latest 3269c37eae33 2 months ago 208 MB Note that the `oscap-podman` command requires root privileges. -=== Building hardened bootable container images using oscap-bootc +=== Building hardened bootable container images using oscap-im -The `oscap-bootc` tool is a convenience script that makes building hardened bootable container images easier. +The `oscap-im` tool is a convenience script that makes building hardened bootable container images easier. This tool is designed to be used during the build of the bootable container image. -Include `oscap-bootc` in your `Containerfile` that will be used to build your bootable container image. -The `Containerfile` first needs to install the `openscap-utils` package which ships the `oscap-bootc` tool. +Include `oscap-im` in your `Containerfile` that will be used to build your bootable container image. +The `Containerfile` first needs to install the `openscap-utils` package which ships the `oscap-im` tool. -Also, SCAP content needs to be installed to the image before `oscap-bootc` will be run. +Also, SCAP content needs to be installed to the image before `oscap-im` will be run. Although any SCAP content can be consumed by the tool, the SCAP source data streams shipped in `scap-security-guide` are specially cared to be compatible with bootable containers. Example `Containerfile`: @@ -2152,7 +2152,7 @@ FROM quay.io/centos-bootc/centos-bootc:stream9 RUN dnf install -y openscap-utils scap-security-guide -RUN oscap-bootc --profile stig /usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml +RUN oscap-im --profile stig /usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml ---- Once you have your `Containerfile`, execute the image build: 
@@ -2161,7 +2161,7 @@ Once you have your `Containerfile`, execute the image build: podman build -t hardened_image . ---- -The `oscap-bootc` tool installs and removes all packages required by the selected profile to or from the image. +The `oscap-im` tool installs and removes all packages required by the selected profile to or from the image. Then, it runs a scan and remediation with the selected profile. It doesn't use offline scanning. The configuration files and other content in the image are modified by this process, depending on the used SCAP content. @@ -2169,7 +2169,7 @@ The configuration files and other content in the image are modified by this proc The built bootable container image can be then deployed and booted. After booting the image, the state of the resulting system will be in line with the selected security profile. -The `oscap-bootc` tool can't be used anywhere else than in a `Containerfile`. +The `oscap-im` tool can't be used anywhere else than in a `Containerfile`. === Scanning of Docker containers and images using oscap-docker diff --git a/utils/CMakeLists.txt b/utils/CMakeLists.txt index 7b9274434e..c372663370 100644 --- a/utils/CMakeLists.txt +++ b/utils/CMakeLists.txt @@ -139,11 +139,11 @@ if(ENABLE_OSCAP_UTIL_PODMAN) DESTINATION "${CMAKE_INSTALL_MANDIR}/man8" ) endif() -if(ENABLE_OSCAP_UTIL_BOOTC) - install(PROGRAMS "oscap-bootc" +if(ENABLE_OSCAP_UTIL_IM) + install(PROGRAMS "oscap-im" DESTINATION ${CMAKE_INSTALL_BINDIR} ) - install(FILES "oscap-bootc.8" + install(FILES "oscap-im.8" DESTINATION "${CMAKE_INSTALL_MANDIR}/man8" ) endif() diff --git a/utils/oscap-bootc b/utils/oscap-im similarity index 100% rename from utils/oscap-bootc rename to utils/oscap-im diff --git a/utils/oscap-bootc.8 b/utils/oscap-im.8 similarity index 69% rename from utils/oscap-bootc.8 rename to utils/oscap-im.8 index 9c911807b6..4dd1dc6cc3 100644 --- a/utils/oscap-bootc.8 +++ b/utils/oscap-im.8 
@@ -1,19 +1,19 @@ -.TH oscap-bootc "8" "November 2024" "Red Hat, Inc." "System Administration Utilities" +.TH oscap-im "8" "January 2025" "Red Hat, Inc." "System Administration Utilities" .SH NAME -oscap-bootc \- Tool for building hardened bootable container images +oscap-im \- Tool for building hardened bootable container images .SH DESCRIPTION -The oscap-bootc tool is a convenience script that makes building hardened bootable container images easier. +The oscap-im tool is a convenience script that makes building hardened bootable container images easier. This tool is designed to be used during the build of the bootable container image. -Include oscap-bootc in your Containerfile that will be used to build your bootable container image. -The oscap-bootc runs oscap tool on a given container image. +Include oscap-im in your Containerfile that will be used to build your bootable container image. +The oscap-im runs oscap tool on a given container image. -The oscap-bootc tool can't be used anywhere else than in a Containerfile. +The oscap-im tool can't be used anywhere else than in a Containerfile. .SH USAGE -oscap-bootc [OPTION...] DATASTREAM_FILE +oscap-im [OPTION...] DATASTREAM_FILE Usage of the tool mimics usage and options of oscap(8) tool.