Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

oscap (8)

Name

oscap - OpenSCAP command line tool

Synopsis

oscap  [general-options]  module operation [operation-options-and-argu-
ments]

Description

System Administration Utilities                                       OSCAP(8)



NAME
       oscap - OpenSCAP command line tool


SYNOPSIS
       oscap  [general-options]  module operation [operation-options-and-argu-
       ments]


DESCRIPTION
       oscap is Security Content Automation Protocol (SCAP) toolkit  based  on
       OpenSCAP  library.  It  provides  various  functions for different SCAP
       specifications (modules).

       OpenSCAP tool claims to provide capabilities of Authenticated  Configu-
       ration  Scanner  and  Authenticated Vulnerability Scanner as defined by
       The National Institute of Standards and Technology.


GENERAL OPTIONS
       -V, --version
              Print supported SCAP specification, location  of  schema  files,
              schematron  files, CPE files, probes and supported OVAL objects.
              Displays a list of inbuilt CPE names.

       -h, --help
              Help screen.


MODULES
       info   Determine type and print information about a file.

       xccdf  The eXtensible Configuration Checklist Description Format.

       oval   Open Vulnerability and Assessment Language.

       ds     SCAP Data Stream

       cpe    Common Platform Enumeration.

       cvss   Common Vulnerability Scoring System

       cve    Common Vulnerabilities and Exposures


INFO OPERATIONS
       any-scap-file.xml
              This module prints information about  SCAP  content  in  a  file
              specified  on  a  command line. It determines SCAP content type,
              specification version, date of creation, date of import  and  so
              on.  Info  module  doesn't  require  any  additional  opperation
              switch.

              For XCCDF or Datastream files, info module  prints  out  IDs  of
              incorporated  profiles,  components,  and datastreams. These IDs
              can be used to specify the target for  evaluation.  Use  options
              --profile,   --xccdf-id   (or  --oval-id),  and  --datastream-id
              respectively.

XCCDF OPERATIONS
       eval [options] INPUT_FILE [oval-definitions-files]
              Perform evaluation of XCCDF document file given  as  INPUT_FILE.
              Print  result  of  each  rule to standard output, including rule
              title, rule id and security identifier(CVE, CCE). Optionally you
              can  give  a  source  datastream as the INPUT_FILE instead of an
              XCCDF file (see --datastream-id).

              oscap returns 0 if all rules pass. If there is an  error  during
              evaluation,  the return code is 1. If there is at least one rule
              with either fail or unknown  result,  oscap-scan  finishes  with
              return code 2.

              Unless  --skip-valid  is used, the INPUT_FILE is validated using
              XSD schemas (depending  on  document  type  of  INPUT_FILE)  and
              rejected if invalid.

              You  may  specify  OVAL  Definition files as the last parameter,
              XCCDF evaluation will then proceed  only  with  those  specified
              files. Otherwise, when oval-definitions-files parameter is miss-
              ing, oscap tool will try to load all OVAL Definition files  ref-
              erenced  from  XCCDF  automatically  (search in the same path as
              XCCDF).

              --profile PROFILE
                     Select a particular profile from XCCDF document.

              --tailoring-file TAILORING_FILE
                     Use given file for XCCDF tailoring. If both  --tailoring-
                     file  and  --tailoring-id are specified, --tailoring-file
                     takes priority!

              --tailoring-id COMPONENT_ID
                     Use component of given ID (in  input  source  datastream)
                     for  XCCDF tailoring. If both --tailoring-file and --tai-
                     loring-id are specified, --tailoring files  takes  prior-
                     ity!

              --cpe CPE_FILE
                     Use  given CPE dictionary or language (auto-detected) for
                     applicability checks. (Some CPE  names  are  provided  by
                     openscap, see oscap --version for Inbuilt CPE names)

              --results FILE
                     Write XCCDF results into FILE.

              --results-arf FILE
                     Writes results to a given FILE in Asset Reporting Format.
                     It is recommended to use this option instead of --results
                     when dealing with datastreams.

              --report FILE
                     Write  HTML  report  into  FILE. You also have to specify
                     --results for this feature to work.  Please  see  --oval-
                     results to enable additional information in the report.

              --oval-results
                     Generate  OVAL Result file for each OVAL session used for
                     evaluation. File  with  name  'original-oval-definitions-
                     filename.result.xml'  will  be  generated for each refer-
                     enced OVAL file in current working directory. This option
                     (in  conjunction  with  the --report option) also enables
                     inclusion of additional OVAL  information  in  the  XCCDF
                     report. To change the directory where OVAL files are gen-
                     erated change the CWD using the `cd` command.

              --check-engine-results
                     After evaluation is finished, each  loaded  check  engine
                     plugin  is asked to export its results. The export itself
                     is plugin specific, please refer to documentation of  the
                     plugin for more details.

              --export-variables
                     Generate  OVAL Variables documents which contain external
                     variables' values that were provided to the OVAL checking
                     engine  during evaluation. The filename format is 'origi-
                     nal-oval-definitions-filename-session-index.variables-
                     variables-index.xml'.

              --datastream-id ID
                     Uses  a datastream with that particular ID from the given
                     datastream collection. If not given the first  datastream
                     is  used.  Only  applies if you give source datastream in
                     place of an XCCDF file.

              --xccdf-id ID
                     Takes component ref with given ID from  checklists.  This
                     allows  to  select  a  particular XCCDF component even in
                     cases where there are 2 XCCDFs in one datastream. If none
                     is given, the first component from the checklists element
                     is used.

              --benchmark-id ID
                     Selects a component ref from any datastream  that  refer-
                     ences  a component with XCCDF Benchmark such that its @id
                     attribute matches given string exactly. Please note  that
                     this is not the recommended way of selecting a component-
                     ref. You are advised to use  --xccdf-id  AND/OR  --datas-
                     tream-id  for more precision. --benchmark-id is only used
                     when both --xccdf-id and --datastream-id are not  present
                     on the command line!

              --skip-valid
                     Do not validate input/output files.

              --fetch-remote-resources
                     Allow  download  of  remote  OVAL content referenced from
                     XCCDF by check-content-ref/@href.

              --remediate
                     Execute XCCDF remediation in the process of XCCDF evalua-
                     tion. This option automatically executes content of XCCDF
                     fix elements for failed rules, and  thus  this  shall  be
                     avoided unless for trusted content. Use of this option is
                     always at your own risk.

              --verbose VERBOSITY_LEVEL
                     Turn on verbose mode at specified verbosity  level.  VER-
                     BOSITY_LEVEL is one of: DEVEL, INFO, WARNING, ERROR.

              --verbose-log-file FILE
                     Set filename to write additional information.

       remediate [options] INPUT_FILE [oval-definitions-files]
              This  module provides post-scan remediation. It assumes that the
              INPUT_FILE is result of `oscap xccdf eval` operation. The  input
              file must contain TestResult element. This module executes XCCDF
              fix elements for  failed  rule-result  contained  in  the  given
              TestResult. Use of this option is always at your own risk and it
              shall be avoided unless for trusted content.

              --result-id ID
                     ID of the XCCDF TestResult element which shall  be  reme-
                     died.  If  this option is missing the last TestResult (in
                     top-down processing) will be remedied.

              --skip-valid
                     Do not validate input/output files.

              --fetch-remote-resources
                     Allow download of remote  OVAL  content  referenced  from
                     XCCDF by check-content-ref/@href.

              --cpe CPE_FILE
                     Use  given CPE dictionary or language (auto-detected) for
                     applicability checks.

              --results FILE
                     Write XCCDF results into FILE.

              --results-arf FILE
                     Writes results to a given FILE in Asset Reporting Format.
                     It is recommended to use this option instead of --results
                     when dealing with datastreams.

              --report FILE
                     Write HTML report into FILE. You  also  have  to  specify
                     --results for this feature to work.

              --oval-results
                     Generate  OVAL Result file for each OVAL session used for
                     evaluation. File  with  name  'original-oval-definitions-
                     filename.result.xml'  will  be  generated for each refer-
                     enced OVAL file. This option (with conjunction  with  the
                     --report  option)  also  enables  inclusion of additional
                     OVAL information in the XCCDF report.

              --check-engine-results
                     After evaluation is finished, each  loaded  check  engine
                     plugin  is asked to export its results. The export itself
                     is plugin specific, please refer to documentation of  the
                     plugin for more details.

              --export-variables
                     Generate  OVAL Variables documents which contain external
                     variables' values that were provided to the OVAL checking
                     engine  during evaluation. The filename format is 'origi-
                     nal-oval-definitions-filename-session-index.variables-
                     variables-index.xml'.

       resolve -o output-file xccdf-file
              Resolve  an  XCCDF file as described in the XCCDF specification.
              It will flatten inheritance hierarchy of XCCDF profiles, groups,
              rules,  and values. Result is another XCCDF document, which will
              be written to output-file.

              --force
                     Force resolving XCCDF document  even  if  it  is  already
                     marked as resolved.

       validate [options] xccdf-file
              Validate  given  XCCDF  file  against  a XML schema. Every found
              error is printed to the standard error. Return code is 0 if val-
              idation  succeeds, 1 if validation could not be performed due to
              some error, 2 if the XCCDF document is not valid.

              --schematron
                     Turn on Schematron-based validation. It is able  to  find
                     more  errors  and  inconsistencies  but  is  much slower.
                     Schematron is available only for XCCDF version 1.2.

       export-oval-variables [options] xccdf-file [oval-definitions-files]
              Collect all the XCCDF values that would be used by  OVAL  during
              evaluation  of  a certain profile and export them as OVAL exter-
              nal-variables document(s). The  filename  format  is  'original-
              oval-definitions-filename-session-index.variables-variables-
              index.xml'.

              --profile PROFILE
                     Select a particular profile from XCCDF document.

              --fetch-remote-resources
                     Allow download of remote  OVAL  content  referenced  from
                     XCCDF by check-content-ref/@href.

              --skip-valid
                     Do not validate input/output files.

              --datastream-id ID
                     Uses  a datastream with that particular ID from the given
                     datastream collection. If not given the first  datastream
                     is  used.  Only  applies if you give source datastream in
                     place of an XCCDF file.

              --xccdf-id ID
                     Takes component ref with given ID from  checklists.  This
                     allows  to  select  a  particular XCCDF component even in
                     cases where there are 2 XCCDFs in one datastream.

              --cpe CPE_FILE
                     Use given CPE dictionary or language (auto-detected)  for
                     applicability checks. The variables documents are created
                     only for xccdf:Rules which are applicable.

       generate [options] <submodule> [submodule-specific-options]
              Generate another document form an XCCDF file  such  as  security
              guide or result report.

              --profile ID
                     Apply  profile with given ID to the Benchmark before fur-
                     ther processing takes place.

              Available submodules:

              guide [options] xccdf-file
                     Generate a formatted document containing a security guide
                     from  a  XCCDF  Benchmark.  Unless the --output option is
                     specified it will be  written  to  the  standard  output.
                     Without profile being set only groups (not rules) will be
                     included in the output.

                     --output FILE
                            Write the guide to this file instead  of  standard
                            output.

                     --hide-profile-info
                            Information on chosen profile (e.g. rules selected
                            by the profile) will be excluded  from  the  docu-
                            ment.

              report [options] xccdf-file
                     Generate  a document containing results of a XCCDF Bench-
                     mark execution. Unless the --output option  is  specified
                     it  will  be  written  to  the standard output. ID of the
                     TestResult element to  visualise  defaults  to  the  most
                     recent result (according to the end-time attribute).

                     --output FILE
                            Write  the report to this file instead of standard
                            output.

                     --result-id ID
                            ID of the XCCDF TestResult from which  the  report
                            will be generated.

                     --show what
                            Specify  what  result  types shall be displayed in
                            the result report. The default is to  show  every-
                            thing  except  for  rules with results notselected
                            and notapplicable. The what part is a  comma-sepa-
                            rated  list of result types to display in addition
                            to the default. If result type is  prefixed  by  a
                            dash '-', it will be excluded from the results. If
                            what is prefixed by an equality sign '=',  a  fol-
                            lowing  list  specifies exactly what rule types to
                            include in the report.  Result  types  are:  pass,
                            fixed,   notchecked,  notapplicable,  notselected,
                            informational, unknown, error, fail.

                     --oval-template template-string
                            To use the ability to include additional  informa-
                            tion  from  OVAL  in xccdf result file, a template
                            which will be used  to  obtain  OVAL  result  file
                            names  has  to  be  specified. The template can be
                            either a filename or a string containing  wildcard
                            character  (percent  sign  '%').  Wildcard will be
                            replaced by the original OVAL definition file name
                            as  referenced from the XCCDF file. This way it is
                            possible to  obtain  OVAL  information  even  from
                            XCCDF documents referencing several OVAL files. To
                            use this option with results from an XCCDF evalua-
                            tion,  specify  %.result.xml  as  a OVAL file name
                            template.

              fix [options] xccdf-file
                     Generate a script that shall bring the system to a  state
                     of compliance with given XCCDF Benchmark.

                     --output FILE
                            Write  the report to this file instead of standard
                            output.

                     --result-id ID
                            Fixes will be generated for failed rule-results of
                            the specified TestResult.

                     --template ID|FILE
                            Template  to be used to generate the script. If it
                            contains a dot '.' it is interpreted as a location
                            of  a file with the template definition. Otherwise
                            it identifies a template from standard  set  which
                            currently includes: bash (default if no --template
                            switch present). Brief explanation of the  process
                            of  writing  your own templates is in the XSL file
                            xsl/legacy-fix.xsl in the openscap data directory.
                            You  can  also take a look at the default template
                            xsl/legacy-fixtpl-bash.xml.

              custom --stylesheet xslt-file [options] xccdf-file
                     Generate a custom output (depending on given  XSLT  file)
                     from an XCCDF file.

                     --stylesheet FILE
                            Specify an absolute path to a custom stylesheet to
                            format the output.

                     --output FILE
                             Write the document into file.


OVAL OPERATIONS
       eval [options] INPUT_FILE
              Probe the system and evaluate all definitions from OVAL  Defini-
              tion  file.  Print result of each definition to standard output.
              The return code is 0 after a  successful evaluation.  On  error,
              value 1 is returned.

              INPUT_FILE  can  be  either  OVAL Definition File or SCAP Source
              Datastream, it depends on used options.

              Unless --skip-valid is used, the INPUT_FILE is  validated  using
              XSD  schemas  (depending  on  document  type  of INPUT_FILE) and
              rejected if invalid.

              --id DEFINITION-ID
                     Evaluate ONLY specified OVAL Definition from OVAL Defini-
                     tion File.

              --variables FILE
                     Provide  external  variables  expected by OVAL Definition
                     File.

              --directives FILE
                     Use OVAL Directives content to  specify  desired  results
                     content.

              --results FILE
                     Write OVAL Results into file.

              --report FILE
                     Create human readable (HTML) report from OVAL Results.

              --datastream-id ID
                     Uses  a datastream with that particular ID from the given
                     datastream collection. If not given the first  datastream
                     is  used.  Only  applies if you give source datastream in
                     place of an OVAL file.

              --oval-id ID
                     Takes component ref  with  given  ID  from  checks.  This
                     allows  to  select  a  particular  OVAL component even in
                     cases where there are 2 OVALs in one datastream.

              --skip-valid
                     Do not validate input/output files.

              --verbose VERBOSITY_LEVEL
                     Turn on verbose mode at specified verbosity  level.  VER-
                     BOSITY_LEVEL is one of: DEVEL, INFO, WARNING, ERROR.

              --verbose-log-file FILE
                     Set filename to write additional information.


       collect [options] definitions-file
              Probe  the  system  and  gather  system  characteristics for all
              objects in OVAL Definition file.

              --id OBJECT-ID
                     Collect system characteristics ONLY  for  specified  OVAL
                     Object.

              --variables FILE
                     Provide external variables expected by OVAL Definitions.

              --syschar FILE
                     Write OVAL System Characteristic into file.

              --skip-valid
                     Do not validate input/output files.

              --verbose VERBOSITY_LEVEL
                     Turn  on  verbose mode at specified verbosity level. VER-
                     BOSITY_LEVEL is one of: DEVEL, INFO, WARNING, ERROR.

              --verbose-log-file FILE
                     Set filename to write additional information.


       analyse [options] --results FILE definitions-file syschar-file
              In this mode, the oscap tool does not perform data collection on
              the local system, but relies upon the input file, which may have
              been generated on another system. The output (OVAL  Results)  is
              printed to file specified by --results parameter.

              --variables FILE
                     Provide external variables expected by OVAL Definitions.

              --directives FILE
                     Use  OVAL  Directives  content to specify desired results
                     content.

              --skip-valid
                     Do not validate input/output files.

              --verbose VERBOSITY_LEVEL
                     Turn on verbose mode at specified verbosity  level.  VER-
                     BOSITY_LEVEL is one of: DEVEL, INFO, WARNING, ERROR.

              --verbose-log-file FILE
                     Set filename to write additional information.


       validate [options] oval-file
              Validate given OVAL file against a XML schema. Every found error
              is printed to the standard error. Return code is 0 if validation
              succeeds,  1  if  validation  could not be performed due to some
              error, 2 if the OVAL document is not valid.

              --definitions, --variables, --syschar, --results --directives
                     Type of the OVAL document is  automatically  detected  by
                     default.  If  you want enforce certain document type, you
                     can use one of these options.

              --schematron
                     Turn on Schematron-based validation. It is able  to  find
                     more errors and inconsistencies but is much slower.

       generate <submodule> [submodule-specific-options]
              Generate another document form an OVAL file.

              Available submodules:

              report [options] oval-results-file
                     Generate  a  formatted HTML page containing visualisation
                     of an OVAL results file. Unless the  --output  option  is
                     specified it will be written to the standard output.

                     --output FILE
                            Write  the report to this file instead of standard
                            output.

       list-probes [options]
              List supported object types (i.e. probes)

              --static
                     List all probes defined in the internal tables.

              --dynamic
                     List all probes supported on the current system (this  is
                     default behavior).

              --verbose
                     Be verbose.



CPE OPERATIONS
       check name
              Check whether name is in correct CPE format.

       match name dictionary.xml
              Find an exact match of CPE name in the dictionary.

       validate cpe-dict-file
              Validate  given  CPE dictionary file against a XML schema. Every
              found error is printed to the standard error. Return code  is  0
              if  validation  succeeds, 1 if validation could not be performed
              due to some error, 2 if the XCCDF document is not valid.


CVSS OPERATIONS
       score cvss_vector
              Calculate score from a CVSS vector. Prints base score  for  base
              CVSS  vector,  base and temporal score for temporal CVSS vector,
              base and temporal and environmental score for environmental CVSS
              vector.

       describe cvss_vector
              Describe individual components of a CVSS vector in a human-read-
              able format and print partial scores.

       CVSS vector consists of several slash-separated components specified as
       key-value  pairs.  Each  key  can be specified at most once. Valid CVSS
       vector has to contain at least base CVSS metrics, i.e. AV, AC,  AU,  C,
       I, and A. Following table summarizes the components and possible values
       (second column is metric category: B for base, T for  temporal,  E  for
       environmental):

              AV:[L|A|N]             B    Access  vector: Local, Adjacent net-
              work, Network

              AC:[H|M|L]            B   Access complexity: High, Medium, Low

              AU:[M|S|N]             B    Required  authentication:   Multiple
              instances, Single instance, None

              C:[N|P|C]             B   Confidentiality impact: None, Partial,
              Complete

              I:[N|P|C]             B   Integrity impact: None, Partial,  Com-
              plete

              A:[N|P|C]              B    Availability  impact: None, Partial,
              Complete

              E:[ND|U|POC|F|H]      T   Exploitability: Not Defined, Unproven,
              Proof of Concept, Functional, High

              RL:[ND|OF|TF|W|U]      T   Remediation Level: Not Defined, Offi-
              cial Fix, Temporary Fix, Workaround, Unavailable

              RC:[ND|UC|UR|C]       T   Report Confidence: Not Defined, Uncon-
              firmed, Uncorroborated, Confirmed

              CDP:[ND|N|L|LM|MH|H]    E    Collateral  Damage  Potential:  Not
              Defined, None, Low, Low-Medium, Medium-High, High

              TD:[ND|N|L|M|H]        E    Target  Distribution:  Not  Defined,
              None, Low, Medium, High

              CR:[ND|L|M|H]           E     Confidentiality  requirement:  Not
              Defined, Low, Medium, High

              IR:[ND|L|M|H]         E   Integrity  requirement:  Not  Defined,
              Low, Medium, High

              AR:[ND|L|M|H]         E   Availability requirement: Not Defined,
              Low, Medium, High

DS OPERATIONS
       sds-compose [options] SOURCE_XCCDF TARGET_SDS
              Creates a  source  datastream  from  the  XCCDF  file  given  in
              SOURCE_XCCDF  and  stores the result in TARGET_SDS. Dependencies
              like OVAL files are automatically detected and bundled in target
              source datastream.

              --skip-valid
                     Do not validate input/output files.

       sds-add [options] NEW_COMPONENT EXISTING_SDS
              Adds  given NEW_COMPONENT file to the existing source datastream
              (EXISTING_SDS). Component file might be OVAL, XCCDF or CPE  Dic-
              tionary  file.  Dependencies  like  OVAL files are automatically
              detected  an bundled in target source datastream.

              --datastream-id DATASTREAM_ID
                     Uses a datastream with that particular ID from the  given
                     datastream  collection. If not given the first datastream
                     is used.

              --skip-valid
                     Do not validate input/output files.

       sds-split [options] SOURCE_DS TARGET_DIR
              Splits given source datastream into multiple  files  and  stores
              all the files in TARGET_DIR.

              --datastream-id DATASTREAM_ID
                     Uses  a datastream with that particular ID from the given
                     datastream collection. If not given the first  datastream
                     is used.

              --xccdf-id XCCDF_ID
                     Takes  component  ref with given ID from checklists. This
                     allows to select a particular  XCCDF  component  even  in
                     cases where there are 2 XCCDFs in one datastream.

              --skip-valid
                     Do not validate input/output files.

       sds-validate SOURCE_DS
              Validate  given  source  datastream  file  against a XML schema.
              Every found error is printed to the standard error. Return  code
              is  0  if validation succeeds, 1 if validation could not be per-
              formed due to some error, 2 if  the  source  datastream  is  not
              valid.

       rds-create   [options]   SDS   TARGET_ARF  XCCDF_RESULTS  [OVAL_RESULTS
       [OVAL_RESULTS ..]]
              Takes given source datastream, XCCDF and OVAL results  and  cre-
              ates  a  result datastream (in Asset Reporting Format) and saves
              it to file given in TARGET_ARF.

              --skip-valid
                     Do not validate input/output files.

       rds-split [options] [--report-id REPORT_ID] RDS TARGET_DIR
              Takes given result datastream (also called ARF = asset reporting
              format)  and  splits  given  report  and  its respective report-
              request to given target directory. If no report-id is given,  we
              assume  user wants the first applicable report in top-down order
              in the file.

              --skip-valid
                     Do not validate input/output files.

       rds-validate SOURCE_RDS
              Validate given result datastream  file  against  a  XML  schema.
              Every  found error is printed to the standard error. Return code
              is 0 if validation succeeds, 1 if validation could not  be  per-
              formed  due  to  some  error,  2 if the result datastream is not
              valid.


CVE OPERATIONS
       validate cve-nvd-feed.xml
              Validate given CVE data feed.

       find CVE cve-nvd-feed.xml
              Find given CVE in data feed and report base score, vector string
              and vulnerable software list.


EXIT STATUS
       Normally, the exit status is 0 when operation finished successfully and
       1 otherwise. In cases when oscap performs evaluation of the  system  it
       may  return  2  indicating success of the operation but incompliance of
       the assessed system.


EXAMPLES
       Evaluate XCCDF content using CPE dictionary and produce html report. In
       this  case  we  use  United  States  Government  Configuration Baseline
       (USGCB) for Red Hat Enterprise Linux 5 Desktop.

               oscap xccdf eval --fetch-remote-resources --oval-results \
                       --profile united_states_government_configuration_baseline \
                       --report usgcb-rhel5desktop.report.html \
                       --results usgcb-rhel5desktop-xccdf.xml.result.xml \
                       --cpe usgcb-rhel5desktop-cpe-dictionary.xml \
                       usgcb-rhel5desktop-xccdf.xml

CONTENT
        National             Vulnerability             Database              -
       http://web.nvd.nist.gov/view/ncp/repository

        Red Hat content repository - http://www.redhat.com/security/data/oval/



REPORTING BUGS
       Please report bugs using https://github.com/OpenSCAP/openscap/issues
       Make sure you include the full output of `oscap --v` in the bug report.


AUTHORS
       Peter Vrabec <pvrabec@redhat.com>
       imon Lukak
       Martin Preisler <mpreisle@redhat.com>



ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------------------+
       |ATTRIBUTE TYPE |       ATTRIBUTE VALUE        |
       +---------------+------------------------------+
       |Availability   | security/compliance/openscap |
       +---------------+------------------------------+
       |Stability      | Uncommitted                  |
       +---------------+------------------------------+
NOTES
       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source    was    downloaded   from    https://github.com/OpenSCAP/open-
       scap/releases/download/1.2.9/openscap-1.2.9.tar.gz

       Further information about this software can be found on the open source
       community website at http://www.open-scap.org.



Red Hat                            Jan 2016                           OSCAP(8)