OpenSCAP Installation & Usage on Ubuntu
From Notes_Wiki
OpenSCAP Installation & Usage on Ubuntu 22.04
1. Update and Upgrade System Packages
sudo apt update && sudo apt upgrade -y
2. Install OpenSCAP
sudo apt install libopenscap8 -y
3. Verify Installation
which oscap
oscap -V
4. Download SCAP Security Guide (SSG)
sudo mkdir -p /usr/share/xml/scap/ssg/content
cd /usr/share/xml/scap/ssg/content
sudo wget https://github.com/ComplianceAsCode/content/releases/download/v0.1.69/scap-security-guide-0.1.69.zip
5. Install Unzip (if not already installed)
sudo apt install unzip -y
6. Extract SCAP Security Guide
sudo unzip scap-security-guide-0.1.69.zip
cd scap-security-guide-0.1.69/
ls
7. Display Available Security Profiles
oscap info ssg-ubuntu2004-ds-1.2.xml
8. Run Security Scan with STIG Profile
sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig \
--report report.html ssg-ubuntu2004-ds-1.2.xml
Troubleshooting
- oscap: command not found → Ensure `libopenscap8` is installed.
sudo apt install libopenscap8 -y
- unzip: command not found → Install unzip package.
sudo apt install unzip -y
- Permission denied → Run commands with `sudo`.
- Latest SCAP content for Ubuntu 22.04 not available → Use Ubuntu 20.04 content or check ComplianceAsCode GitHub Releases for newer versions.
Notes
- The provided SCAP content is for **Ubuntu 20.04**, but it can still be used on Ubuntu 22.04.
- Scan results will be saved in report.html and can be opened in a web browser.
- Profiles such as STIG, CIS, and others are included in the SCAP content. Use `oscap info` to list them.