Chapter 11 Performing OpenSCAP Auditing of Client Systems

Note

The client system must permit the Spacewalk server to run remote commands. See Section 6.4, “Enabling Remote Configuration in a Kickstart Profile Using the Spacewalk Web Interface” and Section 6.6, “Enabling Remote Configuration Manually for Non-managed Client Systems”.

To be able to run OpenSCAP scans on a client system, install the spacewalk-oscap package on that system.

You can use the OpenSCAP tools to audit Spacewalk clients. You can use the SCAP Security Guide, which is provided with Oracle Linux 6 and Oracle Linux 7, or any OpenSCAP compliant eXtensible Configuration Checklist Description Format (XCCDF) or Open Vulnerability and Assessment Language (OVAL) files. The scap-security-guide package, which is available for Oracle Linux 6 and Oracle Linux 7, provides SCAP Security Guides that have been updated to include Common Platform Enumeration (CPE) definitions for Oracle Linux.

For more information about using OpenSCAP compliance checking with Oracle Linux, see Running OpenSCAP Compliance Checks on Oracle Linux.