salt.modules.openscap

Module for OpenSCAP Management

salt.modules.openscap.xccdf(params)

Run oscap xccdf commands on minions. It uses cp.push_dir to upload the generated files to the salt master in the master's minion files cachedir (defaults to /var/cache/salt/master/minions/minion-id/files)

It needs file_recv set to True in the master configuration file.

CLI Example:

salt '*'  openscap.xccdf "eval --profile Default /usr/share/openscap/scap-yast2sec-xccdf.xml"
salt.modules.openscap.xccdf_eval(xccdffile, ovalfiles=None, profile=None, rule=None, oval_results=None, results=None, report=None, fetch_remote_resources=None, tailoring_file=None, tailoring_id=None, remediate=None)

Run oscap xccdf eval commands on minions.

New in version 3007.0.

It uses cp.push_dir to upload the generated files to the salt master in the master's minion files cachedir (defaults to /var/cache/salt/master/minions/minion-id/files)

It needs file_recv set to True in the master configuration file.

xccdffile

the path to the xccdf file to evaluate

ovalfiles

additional oval definition files

profile

the name of Profile to be evaluated

rule

the name of a single rule to be evaluated

oval_results

save OVAL results as well (True or False)

results

write XCCDF Results into given file

report

write HTML report into given file

fetch_remote_resources

download remote content referenced by XCCDF (True or False)

tailoring_file

use given XCCDF Tailoring file

tailoring_id

use given DS component as XCCDF Tailoring file

remediate

automatically execute XCCDF fix elements for failed rules. Use of this option is always at your own risk. (True or False)

CLI Example:

salt '*'  openscap.xccdf_eval /usr/share/openscap/scap-yast2sec-xccdf.xml profile=Default