Chapter 11 Performing OpenSCAP Auditing of Client Systems

Note

The client system must permit the Spacewalk server to run remote commands. See Section 6.4, “Enabling Remote Configuration in a Kickstart Profile Using the Spacewalk Web Interface” and Section 6.6, “Enabling Remote Configuration Manually”.

To be able to run OpenSCAP scans on a client system, install the spacewalk-openscap package on that system.

You can use the OpenSCAP tools to audit Spacewalk clients. You can use the SCAP Security Guide, which is provided by the Extra Packages for Enterprise Linux (EPEL) project, or any OpenSCAP compliant eXtensible Configuration Checklist Description Format (XCCDF) or Open Vulnerability and Assessment Language (OVAL) files. The scap-security-guide package, which is available for Oracle Linux 6 and Oracle Linux 7, provides SCAP Security Guides that have been updated to include Common Platform Enumeration (CPE) definitions for Oracle Linux.