# Install OpenSCAP tools on Ubuntu
* [https://www.open-scap.org/](https://www.open-scap.org/)
```bash
apt install libopenscap8
```
# Download the SCAP file for the matching device, operating system or software.
* [https://public.cyber.mil/stigs/scap/](https://public.cyber.mil/stigs/scap/)

Example use of the oscap tool with SCAP 1.2 content for Ubuntu 18.04:

```bash
oscap info U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark.xml
```
Details shown are as follows:
```text
Document type: Source Data Stream
Imported: 2021-06-21T21:37:43

Stream: scap_mil.disa.stig_datastream_U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark
Generated: 2021-06-21T21:37:43
Version: 1.2
Checklists:
	Ref-Id: scap_mil.disa.stig_cref_U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark-xccdf.xml
		Status: accepted
		Generated: 2021-06-16
		Resolved: false
		Profiles:
			Title: I - Mission Critical Classified
				Id: xccdf_mil.disa.stig_profile_MAC-1_Classified
			Title: I - Mission Critical Public
				Id: xccdf_mil.disa.stig_profile_MAC-1_Public
			Title: I - Mission Critical Sensitive
				Id: xccdf_mil.disa.stig_profile_MAC-1_Sensitive
			Title: II - Mission Support Classified
				Id: xccdf_mil.disa.stig_profile_MAC-2_Classified
			Title: II - Mission Support Public
				Id: xccdf_mil.disa.stig_profile_MAC-2_Public
			Title: II - Mission Support Sensitive
				Id: xccdf_mil.disa.stig_profile_MAC-2_Sensitive
			Title: III - Administrative Classified
				Id: xccdf_mil.disa.stig_profile_MAC-3_Classified
			Title: III - Administrative Public
				Id: xccdf_mil.disa.stig_profile_MAC-3_Public
			Title: III - Administrative Sensitive
				Id: xccdf_mil.disa.stig_profile_MAC-3_Sensitive
			Title: CAT I Only
				Id: xccdf_mil.disa.stig_profile_CAT_I_Only
		Referenced check files:
			U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark-oval.xml
				system: http://oval.mitre.org/XMLSchema/oval-definitions-5
Checks:
	Ref-Id: scap_mil.disa.stig_cref_U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark-oval.xml
	Ref-Id: scap_mil.disa.stig_cref_U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark-cpe-oval.xml
Dictionaries:
	Ref-Id: scap_mil.disa.stig_cref_U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark-cpe-dictionary.xml
```
Using these details, build the scan command from the PROFILE_ID, ARF_FILE, REPORT_FILE and SOURCE_DATA_STREAM_FILE as follows:
* [https://static.open-scap.org/openscap-1.3/oscap_user_manual.html#_getting_scap_content](https://static.open-scap.org/openscap-1.3/oscap_user_manual.html#_getting_scap_content)
```bash
oscap xccdf eval \
--profile PROFILE_ID \
--results-arf ARF_FILE \
--report REPORT_FILE SOURCE_DATA_STREAM_FILE
```
* PROFILE_ID is the ID of an XCCDF profile
* ARF_FILE is the file path where the results in SCAP results data stream format (ARF) will be generated
* REPORT_FILE is the file path where a report in HTML format will be generated
* SOURCE_DATA_STREAM_FILE is the file path of the evaluated SCAP source data stream

For example:
```bash
oscap xccdf eval \
--profile xccdf_mil.disa.stig_profile_MAC-1_Public \
--results-arf arf.xml \
--report report.html \
U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark.xml
```
Use Firefox to view the report:
```bash
firefox report.html
```
# Use the `--stig-viewer` option for evaluating an SCAP data stream other than a STIG provided by DISA.
First get the profile information from the STIG:
* [https://public.cyber.mil/stigs/](https://public.cyber.mil/stigs/)
```bash
oscap info U_CAN_Ubuntu_20-04_LTS_V1R1_Manual_STIG/U_CAN_Ubuntu_20-04_LTS_STIG_V1R1_Manual-xccdf.xml
```

Then run the evaluation with the profile ID reported by `oscap info`:

```bash
oscap xccdf eval \
--profile MAC-2_Public \
--stig-viewer results-stig.xml U_CAN_Ubuntu_20-04_LTS_V1R1_Manual_STIG/U_CAN_Ubuntu_20-04_LTS_STIG_V1R1_Manual-xccdf.xml
```
# Run remediation with SCAP data stream
`--remediate` performs online remediation: the fix elements in the content are executed on the local system as part of the same command as the scan.
```bash
oscap xccdf eval \
--remediate --profile xccdf_mil.disa.stig_profile_MAC-1_Public \
--results scan-xccdf-remediate-results.xml \
U_CAN_Ubuntu_18-04_V2R3_STIG_SCAP_1-2_Benchmark.xml
```
Check the results:
```bash
oscap info scan-xccdf-remediate-results.xml
```