8 Scanning Offline File Systems
To perform an offline scan of a mounted file system, use the oscap-chroot utility. You can use oscap-chroot for scanning custom objects that oscap-podman can't work with, such as containers that use a different format or virtual machine disk files. The options for this tool are similar to those of the oscap command.
For example, to audit a file system mounted at /mnt using an OVAL definitions file, run the following command:
sudo oscap-chroot /mnt \
  oval eval --results /tmp/elsa-results-oval.xml \
  --report elsa-report-oval.html com.oracle.elsa-2024.xml
See the oscap-chroot(8) manual page for more information.
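The following added example (not part of the Oracle documentation) triages the file written by --results: it lists definitions that evaluated to true, which for patch-class definitions such as the ELSA feed means the fixed package is not installed, and separates out results that are neither true nor false so they are not read as clean. The function name, the sample document and its IDs and titles are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Namespaces defined by the OVAL 5 results and definitions schemas.
NS = {"r": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "d": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample: IDs and titles are placeholders, not real ELSA entries.
SAMPLE_RESULTS = """\
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
   <definition id="oval:example:def:1" version="1" class="patch">
    <metadata><title>EXAMPLE-0001: sample kernel update</title></metadata>
   </definition>
   <definition id="oval:example:def:3" version="1" class="patch">
    <metadata><title>EXAMPLE-0003: sample glibc update</title></metadata>
   </definition>
  </definitions>
 </oval_definitions>
 <results><system><definitions>
  <definition definition_id="oval:example:def:1" version="1" result="true"/>
  <definition definition_id="oval:example:def:2" version="1" result="false"/>
  <definition definition_id="oval:example:def:3" version="1" result="error"/>
 </definitions></system></results>
</oval_results>
"""

def triage(xml_text):
    """Split definition results into affected, needs-review and clean."""
    root = ET.fromstring(xml_text)
    titles = {d.get("id"): d.findtext("d:metadata/d:title", "", NS)
              for d in root.iterfind("d:oval_definitions/d:definitions/d:definition", NS)}
    out = {"affected": [], "review": [], "clean": 0}
    for res in root.iterfind("r:results/r:system/r:definitions/r:definition", NS):
        def_id, result = res.get("definition_id"), res.get("result")
        if result == "true":      # criteria matched: the update is missing
            out["affected"].append((def_id, titles.get(def_id, "")))
        elif result == "false":
            out["clean"] += 1
        else:                     # error, unknown, not evaluated, not applicable
            out["review"].append((def_id, result, titles.get(def_id, "")))
    return out

if __name__ == "__main__":
    # Pass the path given to --results, or run on the constructed sample.
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_RESULTS
    print(triage(src))
```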