11.1 Performing OpenSCAP Auditing of Client Systems Using the Spacewalk Web Interface

Note

Typically, you would use the oscap command with Spacewalk to perform scans. See Using OpenSCAP to Scan for Vulnerabilities in the Oracle Linux 6 Security Guide for more information about using this command.

Figure 11.1 Schedule New XCCDF Scan Page

The image shows the Schedule New XCCDF Scan page of the Spacewalk web interface.

To schedule a scan for a system or system group:

  1. For a system:

    • Go to Systems, click the system name, select the Audit tab, and then select the Schedule tab.

    For a system group:

    1. Go to Systems and select System Groups.

    2. Click the system group name.

    3. On the Details page, click work with group.

      Spacewalk loads the group into the System Set Manager.

    4. Select the Audit tab.

  2. On the Schedule New XCCDF Scan page, enter the scan settings in the following fields:

    Command

    Enter the command to use for the scan. The default command is /usr/bin/oscap xccdf eval, which scans a system against a profile in an installed XCCDF checklist file.

    To run an OVAL auditing scan, use the command /usr/bin/oscap oval eval. You can download OVAL definition files from http://linux.oracle.com/security.

    Command-line arguments

    Enter any command-line arguments to the command that you are using to perform the scan. For example: --profile server.

    Path to XCCDF document

    Enter the path of the XCCDF checklist file, for example /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml, or downloaded OVAL definition file, for example com.oracle.elsa-2014.xml.

  3. Change the schedule if required, and click Schedule.

    When the scan is complete, a summary of the results of the scan are displayed under the List Scans tab. Oracle recommends that you schedule regular scans to check for security regressions.