使用opencap評估CentOS 7的PCI DSS合規

1. 安裝openscap

   $ sudo yum install -y openscap-scanner scap-security-guide

2. 確認PCI-DSS profile已經安裝好

   $ oscap info /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

3. 評估PCI-DSS相關的內容

   $ oscap xccdf eval --results results.xml --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

4. 產生方便閱讀的html格式報告

$ oscap xccdf generate report --output report.html results.xml