Rocky 9.x OpenSCAP Installation & Usage on Rocky Linux
From Notes_Wiki
OpenSCAP Installation & Usage on Rocky Linux 9
1. Update System Packages
sudo dnf update -y
2. Install OpenSCAP and SCAP Security Guide
sudo dnf install -y openscap-scanner scap-security-guide
3. Verify Installation
which oscap
oscap -V
4. Locate SCAP Security Guide Files
SCAP content is available in:
/usr/share/xml/scap/ssg/content/
For Rocky Linux 9, you should see files like:
- ssg-rl9-ds.xml
- ssg-rhel9-ds.xml
5. List Available Security Profiles
oscap info /usr/share/xml/scap/ssg/content/ssg-rl9-ds.xml
6. Run a Compliance Scan
Example: Run the STIG profile and generate an HTML report:
sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig \
--report report.html /usr/share/xml/scap/ssg/content/ssg-rl9-ds.xml
7. Optional: CIS Benchmark Example
sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis \
--report compliance-report.html /usr/share/xml/scap/ssg/content/ssg-rl9-ds.xml
Troubleshooting
- If results show many Not Applicable rules, confirm the scan is using the Rocky Linux file (`ssg-rl9-ds.xml`) and not the RHEL one (`ssg-rhel9-ds.xml`).
- Run commands with `sudo` if permission errors occur.
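The wrapper below is an added example, not part of the original notes: it ties steps 4-6 to the first troubleshooting item by choosing the datastream from /etc/os-release, checking that the profile exists in it, and interpreting oscap's exit code. The function names and the rocky -> rl mapping (taken from the file names listed in step 4) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: guard rails around "oscap xccdf eval" (steps 4-6 above).
SSG_DIR="${SSG_DIR:-/usr/share/xml/scap/ssg/content}"

# Print the datastream that matches this host's distro, so a Rocky host is
# never scanned with the RHEL file (the "many Not Applicable" symptom).
# $1: os-release file (default /etc/os-release). Returns 1 if no match.
pick_datastream() {
    local os_release="${1:-/etc/os-release}"
    local id major prefix ds
    id=$(sed -n 's/^ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$os_release")
    major=$(sed -n 's/^VERSION_ID="\{0,1\}\([0-9]*\).*/\1/p' "$os_release")
    case "$id" in
        rocky) prefix=rl ;;     # assumption: matches ssg-rl9-ds.xml
        rhel)  prefix=rhel ;;   # assumption: matches ssg-rhel9-ds.xml
        *) echo "unsupported distro ID: $id" >&2; return 1 ;;
    esac
    ds="$SSG_DIR/ssg-${prefix}${major}-ds.xml"
    [ -f "$ds" ] || { echo "missing datastream: $ds" >&2; return 1; }
    printf '%s\n' "$ds"
}

# oscap exit codes: 0 = every rule passed, 1 = evaluation error,
# 2 = at least one rule failed or returned unknown.
describe_rc() {
    case "$1" in
        0) echo "compliant" ;;
        2) echo "non-compliant" ;;
        *) echo "scan-error" ;;
    esac
}

# $1: full profile ID, $2: HTML report path. Returns oscap's exit code.
run_scan() {
    local profile="$1" report="$2" ds rc=0
    ds=$(pick_datastream) || return 1
    oscap info "$ds" | grep -qF "$profile" \
        || { echo "profile $profile not found in $ds" >&2; return 1; }
    sudo oscap xccdf eval --profile "$profile" --report "$report" "$ds" || rc=$?
    echo "result: $(describe_rc "$rc") (oscap exit code $rc)"
    return "$rc"
}

# Only scan when a profile ID is given on the command line.
if [ "$#" -ge 1 ]; then
    run_scan "$1" "${2:-report.html}"
fi
```

Exit code 2 is the normal outcome of a scan that found failing rules, so automation should treat only other non-zero codes as a broken scan.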
Notes
- Reports (`.html`) can be opened in a web browser for detailed results.
- Profiles include STIG, CIS, ANSSI, etc.