6.3 About the oscap Command

The oscap command has the following general syntax:

# oscap [options] module operation [operation_options_and_arguments]

oscap supports the following module types:

cpe

Performs operations using a Common Platform Enumeration (CPE) file.

cve

Performs operations using a Common Vulnerabilities and Exposures (CVE) file.

cvss

Performs operations using a Common Vulnerability Scoring System (CVSS) file.

ds

Performs operations using a SCAP Data Stream (DS).

info

Determines a file's type and prints information about the file.

oval

Performs operations using an Open Vulnerability and Assessment Language (OVAL) file.

xccdf

Performs operations using a file in eXtensible Configuration Checklist Description Format (XCCDF).

The info, oval, and xccdf modules are the most generally useful for scanning Oracle Linux systems.

The operations that oscap can perform depend on the module type. The following operations are the most generally useful with the oval and xccdf modules on Oracle Linux systems:

eval

For an OVAL file, oscap probes the system, evaluates each definition in the file, and prints the results to the standard output.

For a specified profile in an XCCDF file, oscap tests the system against each rule in the file and prints the results to the standard output.

generate

For an OVAL XML results file, generate report converts the specified file to an HTML report.

For an XCCDF file, generate guide outputs a full security guide for a specified profile.

validate

Validates an OVAL or XCCDF file against an XML schema to check for errors.

For more information, see the oscap(8) manual page.