-
-
Save g0053/5fd1f4d166e3726f69eab8a031268c84 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Docs: | |
https://github.com/RedHatDemos/SecurityDemos/blob/master/2019Labs/RHELSecurityLab/documentation/lab1_OpenSCAP.adoc | |
### Generate the report first: | |
sudo oscap xccdf eval --oval-results --profile cis --results-arf /tmp/arf.xml --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml | |
### Now create the playbook based on the report: | |
oscap xccdf generate fix --fix-type ansible --result-id "" /tmp/arf.xml > playbook.yml | |
### Run the playbook against your server to force CIS compliance: | |
ansible-playbook -i hosts.ini playbook.yml --become | |
### Re-run the report and check the result: | |
sudo oscap xccdf eval --oval-results --profile cis --results-arf /tmp/arf.xml --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml | |
## Now your Centos 8 server is almost 95% compliant with the CIS benchmark! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment