Today's article goes about OpenSCAP, a collection of open source tools to implement and comply with the NIST (National Institute of Standards and Technology) certified SCAP (Security Content Automation Protocol) standard. The goal is to standardize certain security-related issues. A way to automate, to a certain degree, the search for vulnerabilities, assess their possible impacts, manage them and evaluate policies to adopt.
In short, a powerful infrastructure for the elaboration of analysis and reports on systems vulnerabilities. For that you can use the SCAP SecurityGuide and OpenSCAP tools for auditing security.
Inside OpenSCAP you can find:
- scap-workbench: As its name suggests, it is a graphical utility designed to be able to perform configuration and vulnerability scans on the system, both locally and remotely. It also allows you to generate security reports based on scans and evaluations.
- ocap: This other command line tool allows you to perform scans like the previous one, both of the configuration that affects security and of the vulnerabilities of a system. Only in this case locally. It also allows you to evaluate and generate reports based on what has been analyzed.
- Script Check Engine (SCE): is an extension of the SCAP protocol that allows administrators to write their security content using an interpreted language, such as Bash, Ruby, Python scripts, etc.
- scap-security-guide: SSG is a package with a collection of security policies for Linux systems. It consists of a large catalog of practical advice.
- Other: you can see more here. You can download all of them one by one from the official OpenSCAP website and you can choose the type of package to download. There are specific packages for Fedora, CentOS, RHEL, Debian, and Ubuntu. Of course, you can also install them from the distro repositories.
More information - Official Web