bhattisatish | 7 months ago

There is the OpenSCAP-based ComplianceAsCode; see https://github.com/ComplianceAsCode/content. It has implementations for the CIS Level 1 & 2 benchmarks. Supports NIST, ...

It allows you to generate Ansible or Bash scripts for execution.

If you install OpenSCAP it comes with built-in policies, but they're always out of sync with the current version of Ubuntu, which is frustrating the first time around.

For every version of Ubuntu, the default policies do not work. For example, in the case of Ubuntu 24.04, I need to download:

    # Fetch the ComplianceAsCode content and build the Ubuntu 24.04 data stream
    git clone https://github.com/complianceascode/content.git
    cd content/ && ./build_product ubuntu2404 && cd ..
    # Run either of the following commands:
    # CIS Level 1 (server) profile
    oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --results arf1.xml --report report1.html content/build/ssg-ubuntu2404-ds.xml
    # CIS Level 2 (server) profile
    oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level2_server --results arf2.xml --report report2.html content/build/ssg-ubuntu2404-ds.xml
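
An added example, not part of the comment above: a way to triage the file written by `--results`, by tallying XCCDF `rule-result` outcomes and listing failed rules by severity. The embedded sample is constructed, its rule ids are placeholders, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"  # XCCDF 1.2 namespace

# Constructed sample shaped like an oscap results file; rule ids are placeholders.
SAMPLE = """<arf:asset-report-collection
    xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
    xmlns="http://checklists.nist.gov/xccdf/1.2">
 <arf:reports><arf:report id="xccdf1"><arf:content>
  <TestResult id="xccdf_org.open-scap_testresult_EXAMPLE">
   <rule-result idref="content_rule_EXAMPLE_A" severity="high"><result>fail</result></rule-result>
   <rule-result idref="content_rule_EXAMPLE_B" severity="medium"><result>pass</result></rule-result>
   <rule-result idref="content_rule_EXAMPLE_C" severity="low"><result>fail</result></rule-result>
   <rule-result idref="content_rule_EXAMPLE_D" severity="medium"><result>notapplicable</result></rule-result>
  </TestResult>
 </arf:content></arf:report></arf:reports>
</arf:asset-report-collection>"""

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def summarize(xml_text):
    """Return (Counter of result values, failed rules sorted high -> low)."""
    root = ET.fromstring(xml_text)
    counts, failed = Counter(), []
    for rr in root.iter(XCCDF + "rule-result"):
        result = rr.findtext(XCCDF + "result", default="unknown").strip()
        counts[result] += 1
        if result == "fail":
            failed.append((rr.get("severity", "unknown"), rr.get("idref")))
    failed.sort(key=lambda f: (SEVERITY_ORDER.get(f[0], 3), f[1]))
    return counts, failed

def pass_ratio(counts):
    """Percent of pass among pass+fail; a plain ratio, not the XCCDF score."""
    evaluated = counts["pass"] + counts["fail"]
    return round(100 * counts["pass"] / evaluated, 1) if evaluated else None

if __name__ == "__main__":
    # Usage: python triage.py arf1.xml  (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    counts, failed = summarize(text)
    print(dict(counts), f"pass ratio: {pass_ratio(counts)}%")
    for severity, rule in failed:
        print(f"{severity:8} {rule}")
```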
