This tutorial will go through how to install OpenSCAP on OpenSUSE. OpenSCAP is an auditing tool that makes use of the XCCDF (Extensible Configuration Checklist Description Format) to define security. OpenSCAP also uses other specifications such as CPE, CCE, and OVAL to produce a SCAP-expressed checklist that can be processed by SCAP-validated products.
How to Install OpenSCAP on OpenSUSE
- On your terminal, run the command below to update system packages.
sudo zypper update- Install OpenSCAP on OpenSUSE using the following command.
sudo zypper install openscap-utilsSample output
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following 3 NEW packages are going to be installed:
libopenscap25 openscap openscap-utils
3 new packages to install.
Overall download size: 2.1 MiB. Already cached: 0 B. After the operation,
additional 65.6 MiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving package libopenscap25-1.3.5-150400.9.8.x86_64
(1/3), 437.1 KiB ( 1.3 MiB unpacked)
Retrieving: libopenscap25-1.3.5-150400.9.8.x86_64.rpm ..[done (143.7 KiB/s)]
Retrieving package openscap-1.3.5-150400.9.8.x86_64
(2/3), 1.6 MiB ( 64.1 MiB unpacked)
Retrieving: openscap-1.3.5-150400.9.8.x86_64.rpm ........[done (71.6 KiB/s)]
Retrieving package openscap-utils-1.3.5-150400.9.8.x86_64
(3/3), 97.7 KiB (176.3 KiB unpacked)
Retrieving: openscap-utils-1.3.5-150400.9.8.x86_64.rpm ..[done (42.4 KiB/s)]
Checking for file conflicts: .........................................[done]
(1/3) Installing: libopenscap25-1.3.5-150400.9.8.x86_64 ..............[done]
(2/3) Installing: openscap-1.3.5-150400.9.8.x86_64 ...................[done]
(3/3) Installing: openscap-utils-1.3.5-150400.9.8.x86_64 .............[done]
- Next, install the SCAP security guide.
sudo zypper install scap-security-guideSample output
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following NEW package is going to be installed:
scap-security-guide
1 new package to install.
Overall download size: 4.0 MiB. Already cached: 0 B. After the operation,
additional 166.2 MiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving package scap-security-guide-0.1.63-150000.1.45.1.noarch
(1/1), 4.0 MiB (166.2 MiB unpacked)
Retrieving: scap-security-guide-0.1.63-150000.1.45.1.noar[done (220.8 KiB/s)]
Checking for file conflicts: ..........................................[done]
(1/1) Installing: scap-security-guide-0.1.63-150000.1.45.1.noarch .....[done]
- The SCAP security guides will be in the
/usr/share/xml/scap/ssg/contentdirectory after the installation.
ls /usr/share/xml/scap/ssg/content/Sample output
ssg-opensuse-cpe-dictionary.xml ssg-sle12-ocil.xml ssg-opensuse-cpe-oval.xml ssg-sle12-oval.xml ssg-opensuse-ds-1.2.xml ssg-sle12-xccdf.xml ssg-opensuse-ds.xml ssg-sle15-cpe-dictionary.xml ssg-opensuse-ocil.xml ssg-sle15-cpe-oval.xml ssg-opensuse-oval.xml ssg-sle15-ds-1.2.xml ssg-opensuse-xccdf.xml ssg-sle15-ds.xml ssg-sle12-cpe-dictionary.xml ssg-sle15-ocil.xml ssg-sle12-cpe-oval.xml ssg-sle15-oval.xml ssg-sle12-ds-1.2.xml ssg-sle15-xccdf.xml ssg-sle12-ds.xml
- You can also view the description of a specific SCAP security guide e.g.
ssg-sle15-ds-1.2.xmlusing the following command.
oscap info /usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xmlSample output
Document type: Source Data Stream
Imported: 2022-08-04T15:43:09
Stream: scap_org.open-scap_datastream_from_xccdf_ssg-sle15-xccdf-1.2.xml
Generated: (null)
Version: 1.2
Checklists:
Ref-Id: scap_org.open-scap_cref_ssg-sle15-xccdf-1.2.xml
Status: draft
Generated: 2022-08-04
Resolved: true
Profiles:
Title: ANSSI-BP-028 (intermediary)
Id: xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
Title: ANSSI-BP-028 (minimal)
Id: xccdf_org.ssgproject.content_profile_anssi_bp28_minmal
Title: CIS SUSE Linux Enterprise 15 Benchmark for Level 2 - Server
Id: xccdf_org.ssgproject.content_profile_cis
Title: CIS SUSE Linux Enterprise 15 Benchmark for Level 1 - Server
Id: xccdf_org.ssgproject.content_profile_cis_server_l1
Title: CIS SUSE Linux Enterprise 15 Benchmark for Level 1 - Workstation
Id: xccdf_org.ssgproject.content_profile_cis_workstation_l1
Title: CIS SUSE Linux Enterprise 15 Benchmark Level 2 - Workstation
Id: xccdf_org.ssgproject.content_profile_cis_workstation_l2
Title: Health Insurance Portability and Accountability Act (HIPAA)
Id: xccdf_org.ssgproject.content_profile_hipaa
Title: PCI-DSS v3.2.1 Control Baseline for SUSE Linux enterprise 15
Id: xccdf_org.ssgproject.content_profile_pci-dss
Title: Public Cloud Hardening for SUSE Linux Enterprise 15
Id: xccdf_org.ssgproject.content_profile_pcs-hardening
Title: Standard System Security Profile for SUSE Linux Enterprise 15
Id: xccdf_org.ssgproject.content_profile_standard
Title: DISA STIG for SUSE Linux Enterprise 15
Id: xccdf_org.ssgproject.content_profile_stig
Referenced check files:
ssg-sle15-oval.xml
system: http://oval.mitre.org/XMLSchema/oval-definitions-5
ssg-sle15-ocil.xml
system: http://scap.nist.gov/schema/ocil/2
https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.15.xml
system: http://oval.mitre.org/XMLSchema/oval-definitions-5
Checks:
Ref-Id: scap_org.open-scap_cref_ssg-sle15-oval.xml
Ref-Id: scap_org.open-scap_cref_ssg-sle15-ocil.xml
Ref-Id: scap_org.open-scap_cref_ssg-sle15-cpe-oval.xml
Dictionaries:
Ref-Id: scap_org.open-scap_cref_ssg-sle15-cpe-dictionary.xml
- You have made it to the end of our guide on how to install OpenSCAP on OpenSUSE.
Read more on OpenSCAP Documentation
Other Tutorials
Install Velociraptor on Ubuntu 22.04
Enable Authentication Authorization and Audit Logging in Apache Solr
