The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
The oscap command has the following general syntax:
#oscap
[options
]module
operation
[operation_options_and_arguments
]
oscap supports the following module types:
- cpe
Performs operations using a Common Platform Enumeration (CPE) file.
- cve
Performs operations using a Common Vulnerabilities and Exposures (CVE) file.
- cvss
Performs operations using a Common Vulnerability Scoring System (CVSS) file.
- ds
Performs operations using a SCAP Data Stream (DS).
- info
Determines a file's type and prints information about the file.
- oval
Performs operations using an Open Vulnerability and Assessment Language (OVAL) file.
- xccdf
Performs operations using a file in eXtensible Configuration Checklist Description Format (XCCDF).
The info, oval, and xccdf modules are the most generally useful for scanning Oracle Linux systems.
The operations that oscap can perform depend on the module type. The following operations are the most generally useful with the oval and xccdf modules on Oracle Linux systems:
- eval
For an OVAL file, oscap probes the system, evaluates each definition in the file, and prints the results to the standard output.
For a specified profile in an XCCDF file, oscap tests the system against each rule in the file and prints the results to the standard output.
- generate
For an OVAL XML results file, generate report converts the specified file to an HTML report.
For an XCCDF file, generate guide outputs a full security guide for a specified profile.
- validate
Validates an OVAL or XCCDF file against an XML schema to check for errors.
For more information, see the oscap(8)
manual
page.