Sys Maintenance: Generate the OpenSCAP Report

Document created by RSA Information Design and Development on Mar 22, 2017. Last modified by RSA Information Design and Development on Aug 1, 2017.
Version 8
  

Security Content Automation Protocol (SCAP) is a line of standards or rules managed by the National Institute of Standards and Technology (NIST). It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

The OpenSCAP report evaluates your environment against the SCAP rules. The results are written to the HOSTNAME-ssg-results.(xml|html) file, depending on the output format you select.

Disable Rules in OpenSCAP Report that Hang the Report

There may be STIG rules that you do not want to include in the OpenSCAP report because they make the report hang. Use the following command to disable items on the SCAP report:

sed -i 's/select idref="rule-id" selected="true"/select idref="rule-id" selected="false"/g' /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml

where rule-id is a placeholder that you replace with the Rule ID of the rule that may hang during a test.

For example, the report has a rule ID called partition_for_audit (shown as Rule ID: partition_for_audit). If you disable a rule, OpenSCAP does not check against that rule. This means that you need to check for compliance with the partition_for_audit rule manually.
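The same substitution with a backup and a post-check, as an added example that is not part of the original RSA procedure: it refuses rule IDs that are unsafe inside a sed expression, reports when the rule is not enabled in the file, and lists the rules that are now left to manual checking. The helper names and the sample profile are constructed for illustration; only partition_for_audit comes from the page.

```shell
#!/bin/sh
# Added example. disable_rule, list_disabled_rules and make_sample are
# hypothetical helper names, not part of OpenSCAP or the product.

# disable_rule FILE RULE_ID: returns 0 on success, 1 on bad arguments,
# 2 if FILE has no enabled <select> for RULE_ID.
disable_rule() {
    file=$1
    rule=$2
    [ -f "$file" ] || return 1
    # Allow only rule-ID characters so the value is safe inside sed.
    case $rule in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    # Escape dots so they match literally in the regular expression.
    rule_re=$(printf '%s' "$rule" | sed 's/\./\\./g')
    on="select idref=\"$rule_re\" selected=\"true\""
    off="select idref=\"$rule\" selected=\"false\""
    grep -q "$on" "$file" || return 2
    # Keep the original so the change can be reverted.
    cp -p "$file" "$file.bak" || return 1
    sed "s/$on/$off/g" "$file.bak" > "$file" || return 1
    # Succeed only if no enabled selection of the rule is left.
    ! grep -q "$on" "$file"
}

# list_disabled_rules FILE: print every rule ID with selected="false",
# that is, the rules that now need a manual compliance check.
list_disabled_rules() {
    sed -n 's/.*select idref="\([^"]*\)" selected="false".*/\1/p' "$1"
}

# make_sample FILE: write a constructed profile fragment for the demo.
# Only partition_for_audit comes from the page; the other IDs are made up.
make_sample() {
    cat > "$1" <<'EOF'
<Profile id="stig-rhel6-server-upstream">
  <select idref="partition_for_audit" selected="true"/>
  <select idref="example_rule_a" selected="true"/>
  <select idref="example_rule_b" selected="false"/>
</Profile>
EOF
}

demo=$(mktemp)
make_sample "$demo"
disable_rule "$demo" partition_for_audit && list_disabled_rules "$demo"
rm -f "$demo" "$demo.bak"
```

On a real host, pass the ssg-rhel6-xccdf.xml path as FILE; the untouched copy is kept next to it with a .bak suffix.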

Install OpenSCAP

For fresh installs, the OpenSCAP report is on the Image.

Sample Report

The following report is a sample section from an OpenSCAP report.

[Image: OpenSCAPRpt.png]

Report Fields

                                                                                                             
| Section | Field | Description |
|---|---|---|
| Introduction - Test Result | Result ID | The Extensible Configuration Checklist Description Format (XCCDF) identifier of the report results. |
| | Profile | XCCDF profile under which the report results are categorized. |
| | Start time | When the report started. |
| | End time | When the report ended. |
| | Benchmark | XCCDF benchmark |
| | Benchmark version | Version number of the benchmark. |
| Introduction - Score | system | XCCDF scoring method. |
| | score | Score attained after running the report. |
| | max | Highest score attainable. |
| | % | Score attained after running the report as a percentage. |
| | bar | Not Applicable. |
| Results overview - Rule Results Summary | pass | Passed rule check. |
| | fixed | Rule check that failed previously is now fixed. |
| | fail | Failed rule check. |
| | error | Could not perform rule check. |
| | not selected | This check was not applicable to your Security Analytics deployment. |
| | not checked | Rule could not be checked. There are several reasons why a rule cannot be checked. For example, the rule check requires a check engine not supported by the OpenSCAP report. |
| | not applicable | Rule check does not apply to your Security Analytics deployment. |
| | informational | Rule checks for informational purposes only (no action required for fail). |
| | unknown | Report was able to check the rule. Run steps manually as described in the report to check the rule. |
| | total | Total number of rules checked. |
| Exceptions | Title | Name of rule being checked. |
| | Result | Valid values are pass, fixed, fail, error, not selected, not checked, not applicable, informational, or unknown. |

Note: Result values are defined in the Results overview - Rule Results Summary.

Create the OpenSCAP Report

The following tasks show you how to create the OpenSCAP Report in HTML, XML, or both HTML and XML.

Create Report in HTML Only

To create an OpenSCAP report in HTML only:

  1. SSH to the host.
  2. Submit the following commands:
    mkdir -p /opt/rsa/openscap
  3. Submit the following commands for report upgrades only:
    sed -i -r -e "s/<platform.*//g" /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
  4. Submit the following commands:
    oscap xccdf eval --profile "stig-rhel6-server-upstream" --report /tmp/`hostname`-ssg-results.html --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
  5. Open the report in your browser:
    /tmp/hostname-ssg-results.html

Create Report in XML Only

To create an OpenSCAP report in XML only:

  1. SSH to the host.
  2. Submit the following commands:
    mkdir -p /opt/rsa/openscap
  3. Submit the following command for report upgrades only:
    sed -i -r -e "s/<platform.*//g" /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
  4. Submit the following commands:
    oscap xccdf eval --profile "stig-rhel6-server-upstream" --results /tmp/`hostname`-ssg-results.xml --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml

Create Report in Both XML and HTML

To create an OpenSCAP report in both XML and HTML:

  1. SSH to the host.
  2. Submit the following commands:
    mkdir -p /opt/rsa/openscap
  3. Submit the following command for report upgrades only:
    sed -i -r -e "s/<platform.*//g" /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
  4. Submit the following commands:
    oscap xccdf eval --profile "stig-rhel6-server-upstream" --results /opt/rsa/openscap/`hostname`-ssg-results.xml --report /opt/rsa/openscap/`hostname`-ssg-results.html --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
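
To triage the XML written by --results without opening the HTML report, the following added example (not part of the original RSA procedure) tallies the rule results and lists the rules that need follow-up. The helper names and the sample results are constructed; in the XML the result values are spelled without spaces (notselected, notchecked, notapplicable).

```shell
#!/bin/sh
# Added example. rule_results, summarize_results, rules_needing_review and
# make_results are hypothetical helper names. Assumes each <rule-result>
# start tag and each <result> sits on one line, with no namespace prefix.

# rule_results FILE: print "RESULT RULE_ID" for every rule-result element.
rule_results() {
    awk '
        /<rule-result / {
            match($0, /idref="[^"]*"/)
            id = substr($0, RSTART + 7, RLENGTH - 8)
        }
        /<result>/ {
            r = $0
            sub(/.*<result>/, "", r)
            sub(/<\/result>.*/, "", r)
            print r, id
        }
    ' "$1"
}

# summarize_results FILE: print "RESULT=COUNT", one result value per line.
summarize_results() {
    rule_results "$1" | cut -d' ' -f1 | LC_ALL=C sort | uniq -c |
        awk '{ print $2 "=" $1 }'
}

# rules_needing_review FILE: rule IDs to follow up (this example's choice).
rules_needing_review() {
    rule_results "$1" | awk '$1 ~ /^(fail|error|unknown|notchecked)$/ { print $2 }'
}

# make_results FILE: write constructed results; the example_* IDs are made up.
make_results() {
    cat > "$1" <<'EOF'
<TestResult id="constructed-result">
  <rule-result idref="partition_for_audit"><result>notselected</result></rule-result>
  <rule-result idref="example_rule_a"><result>pass</result></rule-result>
  <rule-result idref="example_rule_b"><result>fail</result></rule-result>
  <rule-result idref="example_rule_c"><result>notchecked</result></rule-result>
  <rule-result idref="example_rule_d"><result>pass</result></rule-result>
</TestResult>
EOF
}

res=$(mktemp)
make_results "$res"
summarize_results "$res"; rules_needing_review "$res"
rm -f "$res"
```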