3 # Copyright (c) 2016 Red Hat
4 # Luke Hinds (lhinds@redhat.com)
5 # This program and the accompanying materials
6 # are made available under the terms of the Apache License, Version 2.0
7 # which accompanies this distribution, and is available at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # 0.1: This script installs OpenSCAP on the remote host, and scans the
12 # nominated node. Post scan a report is downloaded and if '--clean' is passed
13 # all trace of the scan is removed from the remote system.
20 __author__ = 'Luke Hinds (lhinds@redhat.com)'
21 __url__ = 'https://wiki.opnfv.org/display/functest/Functest+Security'
25 python ./OpenSCAP.py --host 192.168.0.24 --port 22 --user root --password
26 p6ssw0rd oval --secpolicy
27 /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml --report report.html
35 currenttime = datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
37 # Set up the main parser
38 parser = argparse.ArgumentParser(description='OpenSCAP Python Scanner')
41 # Todo add required = True
42 parser.add_argument('--user',
46 parser.add_argument('--password',
50 parser.add_argument('--host',
55 parser.add_argument('--port',
60 parser.add_argument('--dist',
64 parser.add_argument('--clean',
67 help='Clean all files from host')
70 subparsers = parser.add_subparsers(
72 description='valid subcommands',
73 help='additional help')
76 parser_xccdf = subparsers.add_parser('xccdf')
77 parser_xccdf.set_defaults(which='xccdf')
79 parser_oval = subparsers.add_parser('oval')
80 parser_oval.set_defaults(which='oval')
82 parser_oval_collect = subparsers.add_parser('oval-collect')
83 parser_oval_collect.set_defaults(which='oval-collect')
85 parser_xccdf.add_argument(
91 parser_oval.add_argument(
95 help='Report name (inc extension (.html)')
97 parser_oval.add_argument(
101 help='Report name (inc extension (.html)')
103 parser_oval.add_argument(
107 help='Security Policy')
109 parserout = parser.parse_args()
110 args = vars(parser.parse_args())
116 localpath = os.getcwd() + '/scripts/createfiles.py'
117 remotepath = '/tmp/createfiles.py'
118 com = 'python /tmp/createfiles.py'
119 connect = connect.connectionManager(parserout.host,
125 tmpdir = connect.remotescript()
130 com = 'yum -y install openscap-scanner scap-security-guide'
131 connect = connect.connectionManager(parserout.host,
135 install_pkg = connect.remotecmd()
142 if args['which'] == 'xccdf':
144 com = '{0} xccdf eval'.format(oscap)
145 connect = connect.connectionManager(parserout.host,
149 elif args['which'] == 'oval':
150 com = '{0} oval eval --results {1}/{2} --report {1}/{3} {4}'.format(oscap,
155 connect = connect.connectionManager(parserout.host,
159 run_tool = connect.remotecmd()
161 com = '{0} oval-collect '.format(oscap)
162 connect = connect.connectionManager(parserout.host,
166 run_tool = connect.remotecmd()
171 dl_folder = os.path.join(os.getcwd(), parserout.host + datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S'))
172 os.mkdir(dl_folder, 0755)
173 reportfile = '{0}/{1}'.format(tmpdir.rstrip(), parserout.report)
174 connect = connect.connectionManager(parserout.host,
181 run_tool = connect.download_reports()
186 com = 'yum -y remove openscap-scanner scap-security-guide'
187 connect = connect.connectionManager(parserout.host,
191 yumremove = connect.remotecmd()
197 com = 'rm -r {0}'.format(tmpdir.rstrip())
198 connect = connect.connectionManager(parserout.host,
202 deldir = connect.remotecmd()
205 if __name__ == '__main__':
206 print 'Creating temp file structure...\n'
208 print 'Install OpenSCAP scanner...\n'
210 print 'Running scan...\n'
212 print 'Post installation tasks...\n'
215 print 'Cleaning down environment...\n'
216 print 'Removing OpenSCAP...\n'
218 print 'Deleting tmp file and reports (remote)...\n'