Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
oscap-ssh - remote oval and xccdf evaluation #69
This pull request adds oscap-ssh - a portable bash script that requires just bash, ssh, scp and mktemp to perform OVAL and XCCDF evaluation of remote machines. The remote machine has to have
What follows is a walk through a typical usage of the script. The output has been shortened for brevity. OVAL evaluation would be very similar, the documentation included in the script should be enough to get it working.
Usage (XCCDF eval)
The following command evaluates a remote Fedora machine as root. HTML report is written out as report.html on the local machine. Can be executed from any machine that has ssh, scp and bash. The local machine does not need openscap installed.
A more full example, uses a tailoring file and also copies back ARF, XCCDF results. The tailoring file is copied from local machine to remote.
I don't consider this ready to be merged. There are 2 minor things that need to be finished before that.
This pull request can in the meantime serve as a discussion hub. Reviews, suggestions for improvement or any other feedback from anyone highly appreciated!
I have finished the TODO tasks outlined in the first post. In my opinion the pull request is ready for merging.
I'd also like to suggest that oscap-vm and oscap-container be done with similar command line syntax -
OK, let me reiterate my new TODO so I don't forget :-)
I expect more oscap options to be missing. Those can be added later as people discover them.