The last few releases of the scap-security-guide have changed dramatically which has force changes in the way that the guide may be applied to the CentOS 7 or CentOS 8 system.  The RHEL 7 has also made changes, but the largest one seems to be the direction in which the scap-security-guide handles STIG and CUI and CentOS.

scap-security-guide

Install

yum install scap-security-guide

Versions

0.1.40 – ssg-centos7-ds.xml Contains the xccdf_org.ssgproject.content_profile_stig-rhel7-disa  (installable via yum)

No work-a-round needed.

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report report.html ssg-centos7-ds.xml

0.1.43 – removed from CentOS7 (installable via yum)

Work-a-round

sed -i.bak -r -e "s/<platform.*//g" ssg-rhel7-ds.xm
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report report.html ssg-rhel7-ds.xml

0.1.46  / 0.1.47 / 0.1.48 – removed from CentOS7

wget https://github.com/ComplianceAsCode/content/releases/download/v0.1.46/scap-security-guide-0.1.46-oval-5.10.zip
unzip *.zip

Work-a-round

sed -i.bak "s/<ns10:platform idref.*//g" ssg-rhel7-ds.xml
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --report report.html ssg-rhel7-ds.xml

0.1.53 – removed from CentOS7

wget https://github.com/ComplianceAsCode/content/releases/download/v0.1.53/scap-security-guide-0.1.53.zip
unzip scap-security-guide-0.1.53.zip
cd scap-security-guide-0.1.53

Work-a-round

sed -i.bak "s/<xccdf-1.2:platform idref.*//g" ssg-rhel8-ds-1.2.xml
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cui --report /tmp/report.html ssg-rhel8-ds-1.2.xml

Source(s)

• https://github.com/ComplianceAsCode/content/releases
• https://community.rsa.com/docs/DOC-106196