OpenSCAP scanner 0.9.2 introduces a new function.

In the SCAP world, there is a handful of standards and file formats. The oscap tool can process increasing number of them, but user still needs to know what is what and which option to use. Situation partially improves with emerge of DataStreams, but still DataStreams are rather rare.

If you are unsure how to use a particular file, you can either open and read the file, or you can you use this new info module of OpenSCAP which parses the file and extracts relevant information for you. The info module determines SCAP content type, specification version, date of creation, date of import and so on. Further, for an XCCDF or a Datastream file, info module prints out IDs of incorporated profiles, components, and datastreams. These IDs can be used to specify the target for evaluation. Use options --profile, --xccdf-id (or --oval-id), and --datastream-id respectively.

Here is an example of the info module output, when applied to a testing Source DataStream.

$ oscap info example-sds.xml
Document type: Source Data Stream
Imported: 2012-12-01T18:22:50

Stream: scap_org.open-scap_datastream_tst
Generated: (null)
Version: 1.2
Checklists:
    Ref-Id: scap_org.open-scap_cref_first-xccdf.xml
    Ref-Id: scap_org.open-scap_cref_second-xccdf.xml
            Profile: xccdf_moc.elpmaxe.www_profile_1
            Profile: xccdf_moc.elpmaxe.www_profile_2
Checks:
    Ref-Id: scap_org.open-scap_cref_stub-oval.xml
No dictionaries.

Example of evaluation using the given info.

$ oscap xccdf eval \
    --results-arf my-scan-result-arf.xml \
    --datastream-id scap_org.open-scap_datastream_tst \
    --xccdf-id scap_org.open-scap_cref_second-xccdf.xml2 \
    --profile xccdf_moc.elpmaxe.www_profile_2 \
    example-sds.xml

OpenSCAP community strives to improve the usability of their scanner. If you have an idea on how to improve the tool or library, don’t hesitate and contact them on the mailing list. I did with this info module and it worked. :)