salt.modules.openscap¶
Module for OpenSCAP Management
- salt.modules.openscap.xccdf(params)¶
Run
oscap xccdfcommands on minions. It uses cp.push_dir to upload the generated files to the salt master in the master's minion files cachedir (defaults to/var/cache/salt/master/minions/minion-id/files)It needs
file_recvset toTruein the master configuration file.CLI Example:
salt '*' openscap.xccdf "eval --profile Default /usr/share/openscap/scap-yast2sec-xccdf.xml"
- salt.modules.openscap.xccdf_eval(xccdffile, ovalfiles=None, profile=None, rule=None, oval_results=None, results=None, report=None, fetch_remote_resources=None, tailoring_file=None, tailoring_id=None, remediate=None)¶
Run
oscap xccdf evalcommands on minions.New in version 3007.0.
It uses cp.push_dir to upload the generated files to the salt master in the master's minion files cachedir (defaults to
/var/cache/salt/master/minions/minion-id/files)It needs
file_recvset toTruein the master configuration file.- xccdffile
the path to the xccdf file to evaluate
- ovalfiles
additional oval definition files
- profile
the name of Profile to be evaluated
- rule
the name of a single rule to be evaluated
- oval_results
save OVAL results as well (True or False)
- results
write XCCDF Results into given file
- report
write HTML report into given file
- fetch_remote_resources
download remote content referenced by XCCDF (True or False)
- tailoring_file
use given XCCDF Tailoring file
- tailoring_id
use given DS component as XCCDF Tailoring file
- remediate
automatically execute XCCDF fix elements for failed rules. Use of this option is always at your own risk. (True or False)
CLI Example:
salt '*' openscap.xccdf_eval /usr/share/openscap/scap-yast2sec-xccdf.xml profile=Default
