wodle name=”open-scap”¶
XML section name
<wodle name="open-scap">
</wodle>
Configuration options of the OpenSCAP wodle.
Options¶
| Options | Allowed values |
|---|---|
| disabled | yes, no |
| timeout | A positive number (seconds) |
| interval | A positive number |
| scan-on-start | yes, no |
| content | N/A |
interval¶
Interval between OpenSCAP executions.
| Default value | 1d |
| Allowed values | A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days). |
scan-on-start¶
Run evaluation immediately when service is started.
| Default value | yes |
| Allowed values | yes, no |
content¶
Define an evaluation.
Attributes
| type | Select content type: xccdf or oval. |
| path | Use the specified policy file (DataStream, XCCDF or OVAL). Default path: /var/ossec/wodles/oscap/policies |
| timeout | Timeout for the evaluation (in seconds). Use of this attribute overwrites the generic timeout. |
| xccdf-id | XCCDF id. |
| oval-id | OVAL id. |
| datastream-id | Datastream id. |
| cpe | CPE dictionary file. Default path: /var/ossec/wodles/oscap/policies |
| profile | Select profile. |
Example of configuration¶
<wodle name="open-scap">
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<content type="xccdf" path="ssg-centos-7-ds.xml"/>
<content type="xccdf" path="ssg-centos-6-ds.xml"/>
</wodle>