Lab 2: Running a SCAP Scan

big band new jack swing, choral big band, hindi dream pop, sertanejo emo

Lyrics

[Verse 1]
Fire up your virtual machine today
RHEL or Ubuntu, either way
Time to scan for security flaws
With OpenSCAP and SCAP laws
Install the tools we need to see
Where vulnerabilities might be
SCAP Security Guide in hand
We'll scan across this testing land

[Chorus]
O-S-C-A-P info command
List the profiles, understand
S-T-I-G scan with eval
HTML report will reveal
Passed and failed and not applied
Security status, nothing to hide
X-C-C-D-F results in XML
SCAP scanning serves us well

[Verse 2]
Navigate to the sharing place
usr share xml scap base
SSG content with your distro name
DataStream file, that's the game
Run oscap info to display
All the profiles you can play
Choose your target, make it clear
STIG compliance drawing near

[Chorus]
O-S-C-A-P info command
List the profiles, understand
S-T-I-G scan with eval
HTML report will reveal
Passed and failed and not applied
Security status, nothing to hide
X-C-C-D-F results in XML
SCAP scanning serves us well

[Verse 3]
Oscap xccdf eval the way
Profile STIG will save the day
Report dot HTML for the view
Results dot XML structured too
DataStream file at the end
Watch the scanning process blend
Every check gets its own test
Pass or fail, we'll see the rest

[Bridge]
Open up that HTML file
Browse the results, stay a while
Green means passed, red means failed
Gray shows checks that weren't detailed
Not applicable, that's okay
Some don't match your system's way
XML holds the structured data
Compliance dreams are getting better

[Chorus]
O-S-C-A-P info command
List the profiles, understand
S-T-I-G scan with eval
HTML report will reveal
Passed and failed and not applied
Security status, nothing to hide
X-C-C-D-F results in XML
SCAP scanning serves us well

[Outro]
Now you've learned to run the scan
SCAP compliance, you're the man
Virtual machine tested clean
Best security you've ever seen
