wodle name=”open-scap”

XML section name

<wodle name="open-scap">
</wodle>

Configuration options of the OpenSCAP wodle.

Options

disabled
timeout
interval
scan-on-start
content

Options	Allowed values
disabled	yes, no
timeout	A positive number (seconds)
interval	A positive number
scan-on-start	yes, no
content	N/A

disabled

Disables the OpenSCAP wodle.

Default value	no
Allowed values	yes, no

timeout

Timeout for each evaluation.

Default value	1800
Allowed values	A positive number (seconds)

interval

Interval between OpenSCAP executions.

Default value	1d
Allowed values	A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days).

scan-on-start

Run evaluation immediately when service is started.

Default value	yes
Allowed values	yes, no

content

Define an evaluation.

Attributes

type	Select content type: xccdf or oval.
path	Use the specified policy file (DataStream, XCCDF or OVAL). Default path: /var/ossec/wodles/oscap/policies
timeout	Timeout for the evaluation (in seconds). Use of this attribute overwrites the generic timeout.
xccdf-id	XCCDF id.
oval-id	OVAL id.
datastream-id	Datastream id.
cpe	CPE dictionary file. Default path: /var/ossec/wodles/oscap/policies
profile	Select profile.

Example of configuration

<wodle name="open-scap">

  <timeout>1800</timeout>
  <interval>1d</interval>
  <scan-on-start>yes</scan-on-start>

  <content type="xccdf" path="ssg-centos-7-ds.xml"/>
  <content type="xccdf" path="ssg-centos-6-ds.xml"/>

</wodle>