wodle name=”open-scap”

XML section name

<wodle name="open-scap">
</wodle>

Configuration options of the OpenSCAP wodle.

Options

Main options

Main options Allowed values
disabled yes, no
timeout A positive number (seconds)
content N/A

Scheduling options

disabled

Disables the OpenSCAP wodle.

Default value no
Allowed values yes, no

timeout

Timeout for each evaluation.

Default value 1800
Allowed values A positive number (seconds)

content

Define an evaluation.

Attributes

type Select content type: xccdf or oval.
path

Use the specified policy file (DataStream, XCCDF or OVAL).

Default path: /var/ossec/wodles/oscap/content

timeout

Timeout for the evaluation (in seconds).

Use of this attribute overwrites the generic timeout.

xccdf-id XCCDF id.
oval-id OVAL id.
datastream-id Datastream id.
cpe

CPE dictionary file.

Default path: /var/ossec/wodles/oscap/content

profile Select profile.

scan-on-start

Run evaluation immediately when service is started.

Default value yes
Allowed values yes, no

interval

Interval between OpenSCAP executions.

Default value 1d
Allowed values A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days), M (months).

day

Day of the month to run the scan.

Default value n/a
Allowed values Day of the month [1..31]

Note

When the day option is set, the interval value must be a multiple of months. By default, the interval is set to a month.

wday

Day of the week to run the scan. This option is not compatible with the day option.

Default value n/a
Allowed values
Day of the week:
  • sunday/sun
  • monday/mon
  • tuesday/tue
  • wednesday/wed
  • thursday/thu
  • friday/fri
  • saturday/sat

Note

When the wday option is set, the interval value must be a multiple of weeks. By default, the interval is set to a week.

time

Time of the day to run the scan. It has to be represented in the format hh:mm.

Default value n/a
Allowed values Time of day [hh:mm]

Note

When only the time option is set, the interval value must be a multiple of days or weeks. By default, the interval is set to a day.

Example of configuration

<wodle name="open-scap">

  <timeout>1800</timeout>
  <interval>1d</interval>
  <scan-on-start>yes</scan-on-start>

  <content type="xccdf" path="ssg-centos-7-ds.xml"/>
  <content type="xccdf" path="ssg-centos-6-ds.xml"/>

</wodle>