wodle name=”open-scap”¶

XML section name

<wodle name="open-scap">
</wodle>

Configuration options of the OpenSCAP wodle.

Options¶

Main options¶

disabled
timeout
content

Main options	Allowed values
disabled	yes, no
timeout	A positive number (seconds)
content	N/A

Scheduling options¶

scan-on-start
interval
day
wday
time

disabled¶

Disables the OpenSCAP wodle.

Default value	no
Allowed values	yes, no

timeout¶

Timeout for each evaluation.

Default value	1800
Allowed values	A positive number (seconds)

content¶

Define an evaluation.

Attributes

type	Select content type: xccdf or oval.
path	Use the specified policy file (DataStream, XCCDF or OVAL). Default path: /var/ossec/wodles/oscap/content
timeout	Timeout for the evaluation (in seconds). Use of this attribute overwrites the generic timeout.
xccdf-id	XCCDF id.
oval-id	OVAL id.
datastream-id	Datastream id.
cpe	CPE dictionary file. Default path: /var/ossec/wodles/oscap/content
profile	Select profile.

scan-on-start¶

Run evaluation immediately when service is started.

Default value	yes
Allowed values	yes, no

interval¶

Interval between OpenSCAP executions.

Default value	1d
Allowed values	A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days), M (months).

day¶

Day of the month to run the scan.

Default value	n/a
Allowed values	Day of the month [1..31]

Note

When the day option is set, the interval value must be a multiple of months. By default, the interval is set to a month.

wday¶

Day of the week to run the scan. This option is not compatible with the day option.

Default value	n/a
Allowed values	Day of the week: sunday/sun monday/mon tuesday/tue wednesday/wed thursday/thu friday/fri saturday/sat

Note

When the wday option is set, the interval value must be a multiple of weeks. By default, the interval is set to a week.

time¶

Time of the day to run the scan. It has to be represented in the format hh:mm.

Default value	n/a
Allowed values	Time of day [hh:mm]

Note

When only the time option is set, the interval value must be a multiple of days or weeks. By default, the interval is set to a day.

Example of configuration¶

<wodle name="open-scap">

  <timeout>1800</timeout>
  <interval>1d</interval>
  <scan-on-start>yes</scan-on-start>

  <content type="xccdf" path="ssg-centos-7-ds.xml"/>
  <content type="xccdf" path="ssg-centos-6-ds.xml"/>

</wodle>