11.2 Performing OpenSCAP Auditing of Client Systems Using spacecmd

Note

spacecmd supports XCCDF scans but not OVAL scans. Instead, you can use Spacewalk's remote command execution facility to run oscap oval eval on Spacewalk clients. See Using OpenSCAP to Scan for Vulnerabilities in the Oracle Linux 6 Security Guide for more information about using the oscap command.

To schedule an XCCDF scan for systems, use the scap_schedulexccdfscan command.

spacecmd {SSM:0}> scap_schedulexccdfscan '/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml' \
'profile server' svr1.mydom.com

To list scheduled auditing scans, use the schedule_list command. See Section 10.3, “Working with Scheduled Events”.

spacecmd {SSM:0}> schedule_list
ID      Date                 C    F    P     Action
--      ----                ---  ---  ---    ------
522     20150625T12:56:01     0    0    1    OpenSCAP xccdf scanning
...

To list the summary results of completed XCCDF scans, use the scap_listxccdfscans command:

spacecmd {SSM:0}> scap_listxccdfscans svr1.mydom.com

To list the details and results of an XCCDF scan, specified by its scan ID, use the scap_getxccdfscandetails and scap_getxccdfscanruleresults commands.

spacecmd {SSM:0}> scap_getxccdfscandetails scan_ID
spacecmd {SSM:0}> scap_getxccdfscanruleresults scan_ID