- Download the latest SSG Release OVAL ZIP file onto the target system
- Unzip the downloaded file and
cdinto the directory - Make sure that you have the
openscap-scannerpackage installed - Run
oscap xccdf eval --profile <profile_name> --results ~/scan-output.xml --report ~/scan-output.html ssg-<OS>-ds.xml- You can get the list of available profiles by running
oscap info ssg-<OS>-ds.xml For example, to run the
STIGprofile onCentOS 7, you would run the following command:oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --results ~/scan-output.xml --report ~/scan-output.html ssg-centos7-ds.xml
- You can get the list of available profiles by running