Provided by: libopenscap8_1.2.15-1ubuntu0.4_amd64 bug

NAME

       oscap - OpenSCAP command line tool

SYNOPSIS

       oscap [general-options] module operation [operation-options-and-arguments]

DESCRIPTION

       oscap is Security Content Automation Protocol (SCAP) toolkit based on OpenSCAP library. It
       provides various functions for different SCAP specifications (modules).

       OpenSCAP tool claims to provide capabilities of Authenticated  Configuration  Scanner  and
       Authenticated  Vulnerability Scanner as defined by The National Institute of Standards and
       Technology.

GENERAL OPTIONS

       -V, --version
              Print supported SCAP specification, location of schema files, schematron files, CPE
              files, probes and supported OVAL objects.  Displays a list of inbuilt CPE names.

       -h, --help
              Help screen.

MODULES

       info   Determine type and print information about a file.

       xccdf  The eXtensible Configuration Checklist Description Format.

       oval   Open Vulnerability and Assessment Language.

       ds     SCAP Data Stream

       cpe    Common Platform Enumeration.

       cvss   Common Vulnerability Scoring System

       cve    Common Vulnerabilities and Exposures

INFO OPERATIONS

       [options] any-scap-file.xml
              This  module prints information about SCAP content in a file specified on a command
              line. It determines SCAP content type, specification  version,  date  of  creation,
              date  of  import  and  so on. Info module doesn't require any additional opperation
              switch.

              For XCCDF or Datastream files, info module prints out IDs of incorporated profiles,
              components,  and  datastreams.  These  IDs  can  be  used to specify the target for
              evaluation. Use options --profile, --xccdf-id (or --oval-id),  and  --datastream-id
              respectively.

              --fetch-remote-resources
                     Allow download of remote components referenced from Datastream.

XCCDF OPERATIONS

       eval [options] INPUT_FILE [oval-definitions-files]
              Perform evaluation of XCCDF document file given as INPUT_FILE. Print result of each
              rule to standard output, including rule title, rule id and security identifier(CVE,
              CCE).  Optionally  you can give a source datastream as the INPUT_FILE instead of an
              XCCDF file (see --datastream-id).

              oscap returns 0 if all rules pass. If there is  an  error  during  evaluation,  the
              return code is 1. If there is at least one rule with either fail or unknown result,
              oscap-scan finishes with return code 2.

              Unless --skip-valid  is  used,  the  INPUT_FILE  is  validated  using  XSD  schemas
              (depending on document type of INPUT_FILE) and rejected if invalid.

              You  may specify OVAL Definition files as the last parameter, XCCDF evaluation will
              then proceed only with those specified  files.  Otherwise,  when  oval-definitions-
              files  parameter  is missing, oscap tool will try to load all OVAL Definition files
              referenced from XCCDF automatically (search in the same path as XCCDF).

              --profile PROFILE
                     Select a particular profile from XCCDF document.

              --rule RULE
                     Select a particular rule  from  XCCDF  document.  Only  this  rule  will  be
                     evaluated.  Rule  will  use  values according to the selected profile. If no
                     profile is selected, default values are used.

              --tailoring-file TAILORING_FILE
                     Use  given  file  for  XCCDF  tailoring.  If   both   --tailoring-file   and
                     --tailoring-id are specified, --tailoring-file takes priority!

              --tailoring-id COMPONENT_ID
                     Use  component of given ID (in input source datastream) for XCCDF tailoring.
                     If both --tailoring-file and --tailoring-id are specified, --tailoring files
                     takes priority!

              --cpe CPE_FILE
                     Use  given  CPE  dictionary  or  language  (auto-detected) for applicability
                     checks. (Some CPE names are provided by openscap, see  oscap  --version  for
                     Inbuilt CPE names)

              --results FILE
                     Write XCCDF results into FILE.

              --results-arf FILE
                     Writes  results to a given FILE in Asset Reporting Format. It is recommended
                     to use this option instead of --results when dealing with datastreams.

              --thin-results
                     Thin Results  provides  only  minimal  amount  of  information  in  OVAL/ARF
                     results.  The option --without-syschar is automatically enabled when you use
                     Thin Results.

              --without-syschar
                     Don't provide system characteristics in OVAL/ARF result files.

              --report FILE
                     Write HTML report into FILE. You also have to  specify  --results  for  this
                     feature  to work. Please see --oval-results to enable additional information
                     in the report.

              --oval-results
                     Generate OVAL Result file for each OVAL session used  for  evaluation.  File
                     with  name 'original-oval-definitions-filename.result.xml' will be generated
                     for each referenced OVAL file in current working directory. This option  (in
                     conjunction  with  the --report option) also enables inclusion of additional
                     OVAL information in the XCCDF report. To change  the  directory  where  OVAL
                     files are generated change the CWD using the `cd` command.

              --check-engine-results
                     After  evaluation  is  finished, each loaded check engine plugin is asked to
                     export its results. The export itself is plugin specific,  please  refer  to
                     documentation of the plugin for more details.

              --export-variables
                     Generate  OVAL  Variables documents which contain external variables' values
                     that were provided to  the  OVAL  checking  engine  during  evaluation.  The
                     filename      format     is     'original-oval-definitions-filename-session-
                     index.variables-variables-index.xml'.

              --datastream-id ID
                     Uses a  datastream  with  that  particular  ID  from  the  given  datastream
                     collection.  If  not given the first datastream is used. Only applies if you
                     give source datastream in place of an XCCDF file.

              --xccdf-id ID
                     Takes component ref with given ID from checklists. This allows to  select  a
                     particular  XCCDF  component  even  in cases where there are 2 XCCDFs in one
                     datastream. If none is  given,  the  first  component  from  the  checklists
                     element is used.

              --benchmark-id ID
                     Selects a component ref from any datastream that references a component with
                     XCCDF Benchmark such that its @id attribute matches  given  string  exactly.
                     Please  note  that this is not the recommended way of selecting a component-
                     ref. You are advised to  use  --xccdf-id  AND/OR  --datastream-id  for  more
                     precision.   --benchmark-id   is   only   used   when  both  --xccdf-id  and
                     --datastream-id are not present on the command line!

              --skip-valid
                     Do not validate input/output files.

              --fetch-remote-resources
                     Allow download of remote  OVAL  content  referenced  from  XCCDF  by  check-
                     content-ref/@href.

              --remediate
                     Execute  XCCDF  remediation  in the process of XCCDF evaluation. This option
                     automatically executes content of XCCDF fix elements for failed  rules,  and
                     thus this shall be avoided unless for trusted content. Use of this option is
                     always at your own risk.

              --verbose VERBOSITY_LEVEL
                     Turn on verbose mode at specified verbosity level.  VERBOSITY_LEVEL  is  one
                     of: DEVEL, INFO, WARNING, ERROR.

              --verbose-log-file FILE
                     Set filename to write additional information.

       remediate [options] INPUT_FILE [oval-definitions-files]
              This  module  provides  post-scan  remediation.  It  assumes that the INPUT_FILE is
              result of `oscap xccdf eval` operation. The  input  file  must  contain  TestResult
              element.  This  module executes XCCDF fix elements for failed rule-result contained
              in the given TestResult. Use of this option is always at your own risk and it shall
              be avoided unless for trusted content.

              --result-id ID
                     ID  of  the XCCDF TestResult element which shall be remedied. If this option
                     is missing the last TestResult (in top-down processing) will be remedied.

              --skip-valid
                     Do not validate input/output files.

              --fetch-remote-resources
                     Allow download of remote  OVAL  content  referenced  from  XCCDF  by  check-
                     content-ref/@href.

              --cpe CPE_FILE
                     Use  given  CPE  dictionary  or  language  (auto-detected) for applicability
                     checks.

              --results FILE
                     Write XCCDF results into FILE.

              --results-arf FILE
                     Writes results to a given FILE in Asset Reporting Format. It is  recommended
                     to use this option instead of --results when dealing with datastreams.

              --report FILE
                     Write  HTML  report  into  FILE. You also have to specify --results for this
                     feature to work.

              --oval-results
                     Generate OVAL Result file for each OVAL session used  for  evaluation.  File
                     with  name 'original-oval-definitions-filename.result.xml' will be generated
                     for each referenced OVAL  file.  This  option  (with  conjunction  with  the
                     --report  option)  also  enables inclusion of additional OVAL information in
                     the XCCDF report.

              --check-engine-results
                     After evaluation is finished, each loaded check engine plugin  is  asked  to
                     export  its  results.  The export itself is plugin specific, please refer to
                     documentation of the plugin for more details.

              --export-variables
                     Generate OVAL Variables documents which contain external  variables'  values
                     that  were  provided  to  the  OVAL  checking  engine during evaluation. The
                     filename     format     is      'original-oval-definitions-filename-session-
                     index.variables-variables-index.xml'.

       resolve -o output-file xccdf-file
              Resolve  an  XCCDF  file  as  described in the XCCDF specification. It will flatten
              inheritance hierarchy of XCCDF profiles,  groups,  rules,  and  values.  Result  is
              another XCCDF document, which will be written to output-file.

              --force
                     Force resolving XCCDF document even if it is already marked as resolved.

       validate [options] xccdf-file
              Validate given XCCDF file against a XML schema. Every found error is printed to the
              standard error. Return code is 0 if validation succeeds, 1 if validation could  not
              be performed due to some error, 2 if the XCCDF document is not valid.

              --schematron
                     Turn  on  Schematron-based  validation.  It  is able to find more errors and
                     inconsistencies but is much slower. Schematron is available only  for  XCCDF
                     version 1.2.

       export-oval-variables [options] xccdf-file [oval-definitions-files]
              Collect  all  the  XCCDF  values  that would be used by OVAL during evaluation of a
              certain profile  and  export  them  as  OVAL  external-variables  document(s).  The
              filename   format  is  'original-oval-definitions-filename-session-index.variables-
              variables-index.xml'.

              --profile PROFILE
                     Select a particular profile from XCCDF document.

              --fetch-remote-resources
                     Allow download of remote  OVAL  content  referenced  from  XCCDF  by  check-
                     content-ref/@href.

              --skip-valid
                     Do not validate input/output files.

              --datastream-id ID
                     Uses  a  datastream  with  that  particular  ID  from  the  given datastream
                     collection. If not given the first datastream is used. Only applies  if  you
                     give source datastream in place of an XCCDF file.

              --xccdf-id ID
                     Takes  component  ref with given ID from checklists. This allows to select a
                     particular XCCDF component even in cases where there are  2  XCCDFs  in  one
                     datastream.

              --cpe CPE_FILE
                     Use  given  CPE  dictionary  or  language  (auto-detected) for applicability
                     checks. The variables documents are created only for xccdf:Rules  which  are
                     applicable.

       generate [options] <submodule> [submodule-specific-options]
              Generate  another  document  form  an  XCCDF  file such as security guide or result
              report.

              --profile ID
                     Apply profile with given ID to the Benchmark before further processing takes
                     place.

              Available submodules:

              guide [options] xccdf-file
                     Generate  a  formatted  document  containing  a  security guide from a XCCDF
                     Benchmark. Unless the --output option is specified it will be written to the
                     standard  output.  Without profile being set only groups (not rules) will be
                     included in the output.

                     --output FILE
                            Write the guide to this file instead of standard output.

                     --hide-profile-info
                            Information on chosen profile (e.g. rules selected  by  the  profile)
                            will be excluded from the document.

              report [options] xccdf-file
                     Generate  a  document  containing  results  of  a XCCDF Benchmark execution.
                     Unless the --output option is specified it will be written to  the  standard
                     output.  ID  of  the  TestResult  element  to visualise defaults to the most
                     recent result (according to the end-time attribute).

                     --output FILE
                            Write the report to this file instead of standard output.

                     --result-id ID
                            ID of the XCCDF TestResult from which the report will be generated.

                     --show what
                            Specify what result types shall be displayed in  the  result  report.
                            The  default  is  to  show  everything  except for rules with results
                            notselected and notapplicable. The what  part  is  a  comma-separated
                            list of result types to display in addition to the default. If result
                            type is prefixed by a dash '-', it will be excluded from the results.
                            If  what  is  prefixed  by  an  equality  sign  '=', a following list
                            specifies exactly what rule types to include in  the  report.  Result
                            types  are:  pass,  fixed,  notchecked,  notapplicable,  notselected,
                            informational, unknown, error, fail.

                     --oval-template template-string
                            To use the ability to include additional  information  from  OVAL  in
                            xccdf  result  file,  a  template  which  will be used to obtain OVAL
                            result file names has to be specified. The template can be  either  a
                            filename  or  a  string  containing  wildcard character (percent sign
                            '%'). Wildcard will be replaced by the original OVAL definition  file
                            name  as  referenced  from the XCCDF file. This way it is possible to
                            obtain OVAL information even from XCCDF documents referencing several
                            OVAL files. To use this option with results from an XCCDF evaluation,
                            specify %.result.xml as a OVAL file name template.

                     --sce-template template-string
                            To use the ability to include  additional  information  from  SCE  in
                            XCCDF result file, a template which will be used to obtain SCE result
                            file names has to be specified. The template can be either a filename
                            or  a  string  containing  wildcard  character  (percent  sign  '%').
                            Wildcard will be replaced by the original SCE  script  file  name  as
                            referenced from the XCCDF file. This way it is possible to obtain SCE
                            information even from XCCDF documents referencing several SCE  files.
                            To  use  this  option  with results from an XCCDF evaluation, specify
                            %.result.xml as a SCE file name template.

              fix [options] xccdf-file
                     Generate a script that shall bring the system to a state of compliance  with
                     given  XCCDF  Benchmark.  There  are  2 possibilities when generating fixes:
                     Result-oriented fixes (--result-id) or Profile-oriented  fixes  (--profile).
                     Result-oriented  takes  precedences  over  Profile-oriented, if result-id is
                     given, oscap will ignore any profile provided.

                     Result-oriented fixes are generated using result-id provided to select  only
                     the failing rules from results in xccdf-file, it skips all other rules.

                     Profile-oriented  fixes  are  generated  using all rules within the provided
                     profile. If no result-id/profile are provided,  (default)  profile  will  be
                     used to generate fixes.

                     --fix-type TYPE
                            Specify  fix  type. There are multiple programming languages in which
                            the fix script can  be  generated.  TYPE  should  be  one  of:  bash,
                            ansible,  puppet,  anaconda. Default is bash. This option is mutually
                            exclusive with --template, because fix type  already  determines  the
                            template URN.

                     --output FILE
                            Write the report to this file instead of standard output.

                     --result-id ID
                            Fixes  will  be  generated  for  failed rule-results of the specified
                            TestResult.

                     --template ID|FILE
                            Template to be used to generate the script. If it contains a dot  '.'
                            it  is  interpreted  as  a  location  of  a  file  with  the template
                            definition. Otherwise it identifies  a  template  from  standard  set
                            which  currently  includes:  bash  (default  if  no --template switch
                            present). Brief explanation  of  the  process  of  writing  your  own
                            templates  is in the XSL file xsl/legacy-fix.xsl in the openscap data
                            directory.  You  can  also  take  a  look  at  the  default  template
                            xsl/legacy-fixtpl-bash.xml.

                     --xccdf-id ID
                            Takes  component  ref  with  given ID from checklists. This allows to
                            select a particular XCCDF component even in cases where there  are  2
                            XCCDFs  in one datastream. If none is given, the first component from
                            the checklists element is used.

                     --benchmark-id ID
                            Selects a  component  ref  from  any  datastream  that  references  a
                            component  with  XCCDF  Benchmark such that its @id attribute matches
                            given string exactly.

              custom --stylesheet xslt-file [options] xccdf-file
                     Generate a custom output (depending on given XSLT file) from an XCCDF file.

                     --stylesheet FILE
                            Specify an absolute path to a custom stylesheet to format the output.

                     --output FILE
                             Write the document into file.

OVAL OPERATIONS

       eval [options] INPUT_FILE
              Probe the system and evaluate all definitions  from  OVAL  Definition  file.  Print
              result  of  each  definition  to  standard  output.  The  return  code is 0 after a
              successful evaluation. On error, value 1 is returned.

              INPUT_FILE can be either OVAL Definition File or SCAP Source Datastream, it depends
              on used options.

              Unless  --skip-valid  is  used,  the  INPUT_FILE  is  validated  using  XSD schemas
              (depending on document type of INPUT_FILE) and rejected if invalid.

              --id DEFINITION-ID
                     Evaluate ONLY specified OVAL Definition from OVAL Definition File.

              --variables FILE
                     Provide external variables expected by OVAL Definition File.

              --directives FILE
                     Use OVAL Directives content to specify desired results content.

              --without-syschar
                     Don't provide system characteristics in result file.

              --results FILE
                     Write OVAL Results into file.

              --report FILE
                     Create human readable (HTML) report from OVAL Results.

              --datastream-id ID
                     Uses a  datastream  with  that  particular  ID  from  the  given  datastream
                     collection.  If  not given the first datastream is used. Only applies if you
                     give source datastream in place of an OVAL file.

              --oval-id ID
                     Takes component ref with given ID from  checks.  This  allows  to  select  a
                     particular  OVAL  component  even  in  cases  where there are 2 OVALs in one
                     datastream.

              --skip-valid
                     Do not validate input/output files.

              --fetch-remote-resources
              Allow download of remote components referenced from Datastream.

       --verbose VERBOSITY_LEVEL
              Turn on verbose mode at specified  verbosity  level.  VERBOSITY_LEVEL  is  one  of:
              DEVEL, INFO, WARNING, ERROR.

       --verbose-log-file FILE
              Set filename to write additional information.

       collect [options] definitions-file
              Probe  the  system  and  gather  system  characteristics  for  all  objects in OVAL
              Definition file.

              --id OBJECT-ID
                     Collect system characteristics ONLY for specified OVAL Object.

              --variables FILE
                     Provide external variables expected by OVAL Definitions.

              --syschar FILE
                     Write OVAL System Characteristic into file.

              --skip-valid
                     Do not validate input/output files.

              --verbose VERBOSITY_LEVEL
                     Turn on verbose mode at specified verbosity level.  VERBOSITY_LEVEL  is  one
                     of: DEVEL, INFO, WARNING, ERROR.

              --verbose-log-file FILE
                     Set filename to write additional information.

       analyse [options] --results FILE definitions-file syschar-file
              In  this mode, the oscap tool does not perform data collection on the local system,
              but relies upon the input file, which may have been generated  on  another  system.
              The output (OVAL Results) is printed to file specified by --results parameter.

              --variables FILE
                     Provide external variables expected by OVAL Definitions.

              --directives FILE
                     Use OVAL Directives content to specify desired results content.

              --skip-valid
                     Do not validate input/output files.

              --verbose VERBOSITY_LEVEL
                     Turn  on  verbose  mode at specified verbosity level. VERBOSITY_LEVEL is one
                     of: DEVEL, INFO, WARNING, ERROR.

              --verbose-log-file FILE
                     Set filename to write additional information.

       validate [options] oval-file
              Validate given OVAL file against a XML schema. Every found error is printed to  the
              standard  error. Return code is 0 if validation succeeds, 1 if validation could not
              be performed due to some error, 2 if the OVAL document is not valid.

              --definitions, --variables, --syschar, --results --directives
                     Type of the OVAL document is automatically detected by default. If you  want
                     enforce certain document type, you can use one of these options.

              --schematron
                     Turn  on  Schematron-based  validation.  It  is able to find more errors and
                     inconsistencies but is much slower.

       generate <submodule> [submodule-specific-options]
              Generate another document form an OVAL file.

              Available submodules:

              report [options] oval-results-file
                     Generate a formatted HTML page containing visualisation of an  OVAL  results
                     file.  Unless  the  --output  option  is specified it will be written to the
                     standard output.

                     --output FILE
                            Write the report to this file instead of standard output.

       list-probes [options]
              List supported object types (i.e. probes)

              --static
                     List all probes defined in the internal tables.

              --dynamic
                     List all probes supported on the current system (this is default behavior).

              --verbose
                     Be verbose.

CPE OPERATIONS

       check name
              Check whether name is in correct CPE format.

       match name dictionary.xml
              Find an exact match of CPE name in the dictionary.

       validate cpe-dict-file
              Validate given CPE dictionary file against a  XML  schema.  Every  found  error  is
              printed  to  the  standard  error.  Return  code  is 0 if validation succeeds, 1 if
              validation could not be performed due to some error, 2 if the XCCDF document is not
              valid.

CVSS OPERATIONS

       score cvss_vector
              Calculate  score  from  a CVSS vector. Prints base score for base CVSS vector, base
              and temporal score for temporal CVSS vector, base and  temporal  and  environmental
              score for environmental CVSS vector.

       describe cvss_vector
              Describe  individual  components  of  a  CVSS vector in a human-readable format and
              print partial scores.

       CVSS vector consists of several slash-separated components specified as  key-value  pairs.
       Each  key  can  be  specified at most once. Valid CVSS vector has to contain at least base
       CVSS metrics, i.e. AV, AC, AU, C, I, and A. Following table summarizes the components  and
       possible  values  (second  column  is  metric  category: B for base, T for temporal, E for
       environmental):

              AV:[L|A|N]            B   Access vector: Local, Adjacent network, Network

              AC:[H|M|L]            B   Access complexity: High, Medium, Low

              AU:[M|S|N]             B    Required  authentication:  Multiple  instances,  Single
              instance, None

              C:[N|P|C]             B   Confidentiality impact: None, Partial, Complete

              I:[N|P|C]             B   Integrity impact: None, Partial, Complete

              A:[N|P|C]             B   Availability impact: None, Partial, Complete

              E:[ND|U|POC|F|H]       T   Exploitability: Not Defined, Unproven, Proof of Concept,
              Functional, High

              RL:[ND|OF|TF|W|U]     T   Remediation Level: Not Defined, Official  Fix,  Temporary
              Fix, Workaround, Unavailable

              RC:[ND|UC|UR|C]          T     Report   Confidence:   Not   Defined,   Unconfirmed,
              Uncorroborated, Confirmed

              CDP:[ND|N|L|LM|MH|H]  E   Collateral Damage Potential: Not Defined, None, Low, Low-
              Medium, Medium-High, High

              TD:[ND|N|L|M|H]       E   Target Distribution: Not Defined, None, Low, Medium, High

              CR:[ND|L|M|H]          E    Confidentiality  requirement: Not Defined, Low, Medium,
              High

              IR:[ND|L|M|H]         E   Integrity requirement: Not Defined, Low, Medium, High

              AR:[ND|L|M|H]         E   Availability requirement: Not Defined, Low, Medium, High

DS OPERATIONS

       sds-compose [options] SOURCE_XCCDF TARGET_SDS
              Creates a source datastream from the XCCDF file given in  SOURCE_XCCDF  and  stores
              the  result  in TARGET_SDS. Dependencies like OVAL files are automatically detected
              and bundled in target source datastream.

              --skip-valid
                     Do not validate input/output files.

       sds-add [options] NEW_COMPONENT EXISTING_SDS
              Adds given NEW_COMPONENT file to the  existing  source  datastream  (EXISTING_SDS).
              Component  file might be OVAL, XCCDF or CPE Dictionary file. Dependencies like OVAL
              files are automatically detected  an bundled in target source datastream.

              --datastream-id DATASTREAM_ID
                     Uses a  datastream  with  that  particular  ID  from  the  given  datastream
                     collection. If not given the first datastream is used.

              --skip-valid
                     Do not validate input/output files.

       sds-split [options] SOURCE_DS TARGET_DIR
              Splits  given  source  datastream  into  multiple files and stores all the files in
              TARGET_DIR.

              --datastream-id DATASTREAM_ID
                     Uses a  datastream  with  that  particular  ID  from  the  given  datastream
                     collection. If not given the first datastream is used.

              --xccdf-id XCCDF_ID
                     Takes  component  ref with given ID from checklists. This allows to select a
                     particular XCCDF component even in cases where there are  2  XCCDFs  in  one
                     datastream.

              --skip-valid
                     Do not validate input/output files.

              --fetch-remote-resources
                     Allow download of remote components referenced from Datastream.

       sds-validate SOURCE_DS
              Validate  given  source  datastream file against a XML schema. Every found error is
              printed to the standard error. Return code  is  0  if  validation  succeeds,  1  if
              validation  could not be performed due to some error, 2 if the source datastream is
              not valid.

       rds-create [options] SDS TARGET_ARF XCCDF_RESULTS [OVAL_RESULTS [OVAL_RESULTS ..]]
              Takes given source  datastream,  XCCDF  and  OVAL  results  and  creates  a  result
              datastream (in Asset Reporting Format) and saves it to file given in TARGET_ARF.

              --skip-valid
                     Do not validate input/output files.

       rds-split [options] [--report-id REPORT_ID] RDS TARGET_DIR
              Takes given result datastream (also called ARF = asset reporting format) and splits
              given report and its respective report-request to given  target  directory.  If  no
              report-id  is  given,  we assume user wants the first applicable report in top-down
              order in the file.

              --skip-valid
                     Do not validate input/output files.

       rds-validate SOURCE_RDS
              Validate given result datastream file against a XML schema. Every  found  error  is
              printed  to  the  standard  error.  Return  code  is 0 if validation succeeds, 1 if
              validation could not be performed due to some error, 2 if the result datastream  is
              not valid.

CVE OPERATIONS

       validate cve-nvd-feed.xml
              Validate given CVE data feed.

       find CVE cve-nvd-feed.xml
              Find  given  CVE  in  data feed and report base score, vector string and vulnerable
              software list.

EXIT STATUS

       Normally, the exit status is 0 when operation finished successfully and  1  otherwise.  In
       cases  when  oscap performs evaluation of the system it may return 2 indicating success of
       the operation but incompliance of the assessed system.

EXAMPLES

       Evaluate XCCDF content using CPE dictionary and produce html report. In this case  we  use
       United  States  Government  Configuration  Baseline (USGCB) for Red Hat Enterprise Linux 5
       Desktop.

               oscap xccdf eval --fetch-remote-resources --oval-results \
                       --profile united_states_government_configuration_baseline \
                       --report usgcb-rhel5desktop.report.html \
                       --results usgcb-rhel5desktop-xccdf.xml.result.xml \
                       --cpe usgcb-rhel5desktop-cpe-dictionary.xml \
                       usgcb-rhel5desktop-xccdf.xml

CONTENT

        SCAP Security Guide - https://github.com/OpenSCAP/scap-security-guide/

        National Vulnerability Database - http://web.nvd.nist.gov/view/ncp/repository

        Red Hat content repository - http://www.redhat.com/security/data/oval/

REPORTING BUGS

       Please report bugs using https://github.com/OpenSCAP/openscap/issues
       Make sure you include the full output of `oscap --v` in the bug report.

AUTHORS

       Peter Vrabec <pvrabec@redhat.com>
       Šimon Lukašík
       Martin Preisler <mpreisle@redhat.com>