oscap/configuration¶
OpenSCAP packages, profile, and settings during OS Install
OpenSCAP is a framework for providing security auditing of an Operating System. This Param contains sections to be used to control the OpenSCAP profile installation options.
Use of this Param requires that the oscap/enabled
Param is set to true
.
There are two primary configuration sections of this Param object; the packages, and the profile.
Packages section¶
The Packages section defines an array of additional packages that should be installed during the kickstart/preseed process in support of the selected OpenSCAP profile that is installed. This is an array (list) of packages; one per element in the list.
Profile section¶
The profile section utilized key = value
pairs which are directly mapped
in to the Kickstart/Preseed to be used by the OpenSCAP tool to define the
configuration. This is an array (list) of strings, that should each contain
a key = value
configuration setting.
Example¶
Example configurations that complies with the PCI-DSS OpenSCAP profile configuration are below.
YAML Format example:
packages:
- aide
- libreswan
- opensc
- openscap
- openscap-scanner
- pcsc-lite
- scap-security-guide
profile:
- "content-type = scap-security-guide"
- "profile = xccdf_org.ssgproject.content_profile_pci-dss"
JSON Format example: