Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jharley/docker-oscap-scanner
https://github.com/jharley/docker-oscap-scanner
Last synced: 10 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/jharley/docker-oscap-scanner
- Owner: jharley
- License: mit
- Created: 2019-06-27T19:54:29.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-06-28T20:51:30.000Z (over 5 years ago)
- Last Synced: 2024-10-12T01:21:17.069Z (2 months ago)
- Language: Dockerfile
- Size: 2.93 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# docker-oscap-scanner
Available on Docker Hub as [jharley/oscap-scanner](https://hub.docker.com/r/jharley/oscap-scanner).
A utility container to assist with doing remote OSCAP scans. The default entrypoint is the [oscap-ssh](https://github.com/OpenSCAP/openscap/blob/maint-1.3/utils/oscap-ssh) wrapper script.
The XML manifests are installed via the Ubuntu packages and are installed in the container at `/usr/share/scap-security-guide`.
The default SSH configuration passed to `oscap-ssh` disables host key verification to remove the need to do a host scan prior to running the utility. This can be overriden by setting `SSH_ADDITIONAL_OPTIONS`. The same variable is configured expecting that the SSH private key will be mounted in as `/ssh-identity`.
## Example Usage
The following performs an OSCAP scan of an Ubuntu 16.04 host using the "ANSSI NP-NT28 (High)" profile:
```shell
docker run -v `pwd`:/data -v ./my-ssh-identity.pem:/ssh-identity \
jharley/oscap-scanner --sudo ubuntu@target 22 xccdf \
eval --results /data/target-results-`date "+%Y-%m-%d-%s"`.xml \
--report /data/target-report-`date "+%Y-%m-%d-%s"`.html \
--profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high \
/usr/share/scap-security-guide/ssg-ubuntu1604-ds.xml
```