# SUSE Linux OpenSCAP scan ## 安裝套件 ``` # 在要 scan 的機器上安裝套件 $ sudo zypper in -y openscap-utils scap-security-guide ``` ## 透過 OSCAP 掃描 SUSE Linux Enterprise system ``` $ sudo oscap xccdf eval \ --profile stig \ --results /tmp/results.xml \ --report /tmp/report.html \ /usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml ``` * 將 report.html 檔案匯出可以在瀏覽器觀看 ``` $ ls -l /tmp -rw-r--r-- 1 root root 6223971 May 30 12:43 report.html -rw-r--r-- 1 root root 11235997 May 30 12:43 results.xml ```  ## 透過 suma 掃描 * 安裝套件 ``` $ sudo zypper in -y openscap-utils scap-security-guide ```  * 確認套件已安裝 ``` $ sudo zypper info openscap-utils scap-security-guide ```  * 在要 scan 的機器上設以下指令 ``` --profile xccdf_org.ssgproject.content_profile_stig ``` ``` /usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml ```  * 查看報表   ## 參考文件 https://documentation.suse.com/suma/4.3/en/suse-manager/administration/openscap.html#_prepare_clients_for_an_scap_scan