The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
Typically, you would use the oscap command with Spacewalk to perform scans. See Oracle® Linux 6: Security Guide and Oracle® Linux 7: Security Guide for more information about using this command.
To schedule a scan for a system or system group:
For a system:
Go to Systems, click the system name, select the Audit tab, and then select the Schedule tab.
For a system group:
Go to Systems and select System Groups.
Click the system group name.
On the Details page, click work with group.
Spacewalk loads the group into the System Set Manager.
Select the Audit tab.
On the Schedule New XCCDF Scan page, enter the scan settings in the following fields:
- Command
Enter the command to use for the scan. The default command is /usr/bin/oscap xccdf eval, which scans a system against a profile in an installed XCCDF checklist file.
To run an OVAL auditing scan, use the command /usr/bin/oscap oval eval. You can download OVAL definition files from https://linux.oracle.com/security.
- Command-line arguments
Enter any command-line arguments to the command that you are using to perform the scan. For example:
--profile server.- Path to XCCDF document
Enter the path of the XCCDF checklist file, for example
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml, or downloaded OVAL definition file, for examplecom.oracle.elsa-2014.xml.
Change the schedule if required, and click Schedule.
When the scan is complete, a summary of the results of the scan are displayed under the List Scans tab. Oracle recommends that you schedule regular scans to check for security regressions.