3 OSCAP Information and Reference

You can obtain information about the installation of OSCAP that can help you understand how the tool is configured and what it provides. This information can be helpful when debugging issues within OSCAP.

The oscap command includes several subcommands that control different behaviors and enable the tool to interact with several different file types.

Displaying Information About OSCAP

Use oscap -V to display the following information about the OSCAP tool:

  • Supported SCAP specifications

  • Any loaded plugin capabilities

  • Locations of schema, CPE, and probe files

  • Inbuilt CPE names

  • Supported OVAL objects and associated SCAP probes

Sample output:

OpenSCAP command line tool (oscap) 1.4.2
Copyright 2009--2023 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1

==== Capabilities added by auto-loaded plugins ====
No plugins have been auto-loaded...

==== Paths ====
Schema files: /usr/share/openscap/schemas
Default CPE files: /usr/share/openscap/cpe

==== Inbuilt CPE names ====
...

==== Supported OVAL objects and associated OpenSCAP probes ====
OVAL family   OVAL object                  OpenSCAP probe              
----------    ----------                   ----------                  
independent   environmentvariable          probe_environmentvariable
independent   environmentvariable58        probe_environmentvariable58
independent   family                       probe_family
...

Note:

Inbuilt Common Platform Enumeration (CPE) dictionaries are deprecated and will be removed in a future release. CPE dictionaries are used to provide standard naming schemes for hardware, software, and packages so that they can be easily referenced within code. CPE dictionaries can be included as part of a data stream and the dictionaries used for Oracle Linux platforms are included in the data stream files shipped in the scap-security-guide package.
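
As an added example (not part of the original documentation), the following shell functions parse the oscap -V output shown above to read a specification version or path and to confirm that an OVAL object has a probe before a scan relies on it. The function names are hypothetical and SAMPLE is an abridged copy of the sample output on this page.

```shell
# Added example: parse `oscap -V` output to confirm what this OpenSCAP build supports.
# SAMPLE is an abridged copy of the sample output on this page (constructed input).
SAMPLE='OpenSCAP command line tool (oscap) 1.4.2
==== Supported specifications ====
SCAP Version: 1.3
OVAL Version: 5.11.1

==== Paths ====
Schema files: /usr/share/openscap/schemas

==== Supported OVAL objects and associated OpenSCAP probes ====
OVAL family   OVAL object                  OpenSCAP probe
----------    ----------                   ----------
independent   environmentvariable          probe_environmentvariable
independent   environmentvariable58        probe_environmentvariable58
independent   family                       probe_family'

# oscap_field SECTION KEY: print the value of "KEY: value" inside "==== SECTION ====".
oscap_field() {
    awk -v sec="$1" -v key="$2" '
        /^==== .* ====$/ { cur = substr($0, 6, length($0) - 10); next }
        cur == sec {
            i = index($0, ": ")
            if (i && substr($0, 1, i - 1) == key) { print substr($0, i + 2); found = 1; exit }
        }
        END { exit !found }'
}

# oscap_probe_for OBJECT: print the probe for an OVAL object; non-zero exit if not listed.
oscap_probe_for() {
    awk -v obj="$1" '
        /^==== .* ====$/ { in_tbl = ($0 ~ /Supported OVAL objects/); next }
        in_tbl && NF == 3 && $2 == obj { print $3; found = 1; exit }
        END { exit !found }'
}

# oscap_check OUTPUT OBJECT...: report the OVAL version and any object without a probe.
oscap_check() {
    out=$1; shift; missing=0
    printf 'OVAL %s\n' "$(printf '%s\n' "$out" | oscap_field 'Supported specifications' 'OVAL Version')"
    for obj in "$@"; do
        if probe=$(printf '%s\n' "$out" | oscap_probe_for "$obj"); then
            printf 'ok       %s -> %s\n' "$obj" "$probe"
        else
            printf 'MISSING  %s\n' "$obj"; missing=1
        fi
    done
    return "$missing"
}

oscap_check "$SAMPLE" family environmentvariable58   # live host: oscap_check "$(oscap -V)" family
```

A non-zero return from oscap_check means at least one requested OVAL object has no probe in this build, which helps explain definitions that a scan cannot evaluate.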

oscap Command Reference

oscap Command Syntax

The general command syntax of oscap is:

oscap [options] module operation [operation_options_and_arguments]

oscap Command Modules

oscap works with the following modules:

cpe

Performs operations using a Common Platform Enumeration (CPE) file.

ds

Performs operations using a SCAP Data Stream (DS).

info

Shows a file's type and prints information about the file.

oval

Performs operations using an Open Vulnerability and Assessment Language (OVAL) file.

xccdf

Performs operations using a file in eXtensible Configuration Checklist Description Format (XCCDF).

oscap Command Module Operations

The most useful modules for scanning Oracle Linux systems are info, oval, and xccdf. When using the oval and xccdf modules, the most useful operations are:

eval

For an OVAL file, oscap probes the system, evaluates each definition in the file, and then prints the results to the standard output.

For a specified profile in an XCCDF file, oscap tests the system against each rule in the file and prints the results to the standard output.

generate

For an OVAL XML results file, generate report converts the specified file to an HTML report.

For an XCCDF file, generate guide outputs a full security guide for a specified profile.

validate

Validates an OVAL or XCCDF file against an XML schema to check for errors.

You can use the -h command option to view help for each available subcommand. For example:

oscap -h
oscap xccdf -h
oscap xccdf generate -h

For more information, see the oscap(8) manual page.