使用opencap评估CentOS 7的PCI DSS合规

1. 安装openscap

   $ sudo yum install -y openscap-scanner scap-security-guide

2. 确认PCI-DSS profile已经安装好

   $ oscap info /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

3. 评估PCI-DSS相关的内容

   $ oscap xccdf eval --results results.xml --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

4. 产生方便阅读的html格式报告

$ oscap xccdf generate report --output report.html results.xml