ansible-role-openscap

Role to install the latest OpenSCAP.

The Security Content Automation Protocol (SCAP) is a U.S. standard created by the National Institute of Standards and Technology (NIST). SCAP provides guidelines for finding and fixing security weaknesses in systems.

SCAP helps with meeting FISMA Compliance requirements, and the National Vulnerability Database (NVD) is the official U.S. government source for SCAP information.

OpenSCAP is a tool that follows this standard, and its version 1.0.8 received "NIST SCAP 1.2 certification" in 2014. It was developed and is supported by Red Hat, so it is mainly used with Red Hat and CentOS operating systems. However, it is an open standard and is increasingly being used on other platforms as well.

Please note that this role will install OpenSCAP version 1.2.x, which has not yet been certified by NIST.

Quick start (testing with local Vagrant instances)

To simplify the use of OpenSCAP, you can refer to the GovReady toolkit role.

To install the latest OpenSCAP on your servers

Here’s an example of an openscap-playbook.yml file:

- name: Install OpenSCAP on all servers
  hosts: servers
  roles:
    - { role: CivicActions.openscap, become: true }

Run the following command:

ansible-playbook -i inventory openscap-playbook.yml