OpenSCAP Installation & Usage on Ubuntu

From Notes_Wiki

OpenSCAP Installation & Usage on Ubuntu 22.04

1. Update and Upgrade System Packages

sudo apt update && sudo apt upgrade -y

2. Install OpenSCAP

sudo apt install libopenscap8 -y

3. Verify Installation

which oscap
oscap -V

4. Download SCAP Security Guide (SSG)

sudo mkdir -p /usr/share/xml/scap/ssg/content
cd /usr/share/xml/scap/ssg/content
sudo wget https://github.com/ComplianceAsCode/content/releases/download/v0.1.69/scap-security-guide-0.1.69.zip

5. Install Unzip (if not already installed)

sudo apt install unzip -y

6. Extract SCAP Security Guide

sudo unzip scap-security-guide-0.1.69.zip
cd scap-security-guide-0.1.69/
ls

7. Display Available Security Profiles

oscap info ssg-ubuntu2004-ds-1.2.xml

8. Run Security Scan with STIG Profile

sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig \
--report report.html ssg-ubuntu2004-ds-1.2.xml

Troubleshooting

  • oscap: command not found → Ensure `libopenscap8` is installed.
sudo apt install libopenscap8 -y
  • unzip: command not found → Install unzip package.
sudo apt install unzip -y
  • Permission denied → Run commands with `sudo`.

Notes

  • The provided SCAP content is for **Ubuntu 20.04**, but it can still be used on Ubuntu 22.04.
  • Scan results will be saved in report.html and can be opened in a web browser.
  • Profiles such as STIG, CIS, and others are included in the SCAP content. Use `oscap info` to list them.

References