Feature Highlights
-
XCCDF 1.1 and 1.2 support
-
Source DataStream 1.2 support
-
XCCDF 1.2 Tailoring file support
-
Evaluation of local machine
-
Evaluation of remote machine (using SSH)
-
Limited tailoring support - selection, unselection and set value
-
Saving results as XCCDF 1.1 or 1.2 (depending on input) or ARF 1.1
-
Loading content bundle from RPM
-
Exporting content bundle as RPM or into a folder
Requirements
Build Dependencies
-
cmake >= 2.6
-
Qt4 (Core, GUI, XmlPatterns)
-
openscap >= 1.2.0
-
cmake-gui [optional]
Runtime Dependencies (workbench machine)
-
setsid
-
nice
-
ssh and scp (if you want remote scanning)
Runtime Dependencies (evaluated machine)
-
oscap >= 0.8.0
Installation
- From package repository (YUM)
-
# yum install scap-workbench
- From package repository (APT)
-
# apt-get install scap-workbench
- From source
-
-
$ mkdir build ; cd build
-
$ cmake ../
-
$ make
-
# make install
-
- From source (custom options)
-
-
$ mkdir build ; cd build
-
$ cmake-gui ../
-
(select appropriate options in cmake-gui)
-
$ make
-
# make install
-
Typical Use Case
Let us go over a common use case. Any section marked (optional) can be skipped if you do not need the feature explained in it.
Obtain SCAP content
Even before we start the workbench we need to find content to open. Probably the best choice right now is scap-security-guide [3].
It is possible that scap-security-guide has already been installed on your system as a dependency of scap-workbench. If it isn’t, install it:
- From the package repository (YUM)
-
# yum install scap-security-guide
- From the package repository (APT)
-
# apt-get install scap-security-guide
- From upstream source (for advanced users or content developers)
-
-
$ git clone https://github.com/OpenSCAP/scap-security-guide.git ; cd scap-security-guide
-
$ make
-
Alternative SCAP content (optional)
-
USGCB for RHEL5 - XCCDF and OVAL, only suitable for RHEL5.
-
SCE Community Content - Uses SCE, only suitable for Fedora.
Start SCAP Workbench
After installation a new application entry for SCAP Workbench should appear in your desktop environments application menu.
In case you cannot find any SCAP Workbench application icon / entry to click, press Alt+F2 to bring up the run command dialog (works in Gnome 3 and KDE 4), type 'scap-workbench' and confirm.
SCAP Workbench should start and if you installed scap-security-guide from your package repository, workbench will immediately open a dialog letting you choose which SSG variant you want to open.
For the remainder of this guide let us assume that you chose Fedora. All the instructions are similar on other variants.