1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
#!/usr/bin/env bash
# Copyright 2016 Red Hat Inc., Durham, North Carolina.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# Authors:
# Martin Preisler <mpreisle@redhat.com>
function die()
{
echo "$*" >&2
exit 1
}
function invalid()
{
echo -e "$*\n" >&2
usage
exit 1
}
function usage()
{
echo "oscap-chroot -- Tool for offline SCAP evaluation of filesystems mounted in arbitrary paths."
echo
echo "Usage:"
echo
echo "$ oscap-chroot CHROOT_PATH xccdf eval [options] INPUT_CONTENT"
echo
echo "supported oscap xccdf eval options are:"
echo " --profile"
echo " --tailoring-file"
echo " --tailoring-id"
echo " --cpe (external OVAL dependencies are not supported yet!)"
echo " --oval-results"
echo " --check-engine-results"
echo " --results"
echo " --results-arf"
echo " --report"
echo " --skip-validation"
echo " --fetch-remote-resources"
echo " --local-files"
echo " --progress"
echo " --datastream-id"
echo " --xccdf-id"
echo " --benchmark-id"
echo
echo "$ oscap-chroot CHROOT_PATH oval eval [options] INPUT_CONTENT"
echo
echo "supported oscap oval eval options are:"
echo " --id"
echo " --variables"
echo " --directives"
echo " --results"
echo " --report"
echo " --skip-validation"
echo " --datastream-id"
echo " --oval-id"
echo
echo "$ oscap-chroot CHROOT_PATH oval collect [options] INPUT_CONTENT"
echo
echo "supported oscap oval collect options are:"
echo " --id"
echo " --syschar"
echo " --variables"
echo " --skip-validation"
echo
echo "See \`man oscap\` to learn more about semantics of these options."
}
if [ $# -lt 1 ]; then
invalid "No arguments provided."
elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
usage
exit 0
elif [ "$#" -gt 1 ]; then
true
else
invalid "Invalid arguments provided."
fi
# Learn more at https://www.redhat.com/archives/open-scap-list/2013-July/msg00000.html
export OSCAP_PROBE_ROOT
OSCAP_PROBE_ROOT="$(cd "$1" && pwd)" || die "Invalid CHROOT_PATH argument."
export OSCAP_EVALUATION_TARGET="chroot://$OSCAP_PROBE_ROOT"
shift 1
oscap "$@"
EXIT_CODE=$?
exit $EXIT_CODE
|
