From Fedora Project Wiki

(Added ref to feature F 14)
(Imported content from Feature 14)
Line 2: Line 2:
 
{{Docs_beat_open}}
 
{{Docs_beat_open}}
  
[https://fedoraproject.org/wiki/Features/OpenSCAP OpenSCAP]
+
= OpenSCAP =
[(...)]
+
 
 +
== Abstract ==
 +
Fedora 14 brings in support of the SCAP (Security Content Automation Protocol). A library called '''OpenSCAP''' that provides development framework and several SCAP scanning tools are included in the distribution. OVAL and XCCDF contents specific for Fedora 14 that can be used for automated system configuration checking are also provided.
 +
 
 +
== Description ==
 +
'''OpenSCAP''' is an open-source framework for SCAP developers.
 +
SCAP is a line of standards managed by [http://scap.nist.gov/index.html NIST] (National Institute of Standards and Technology). It was created to provide a standardized approach ''to maintaining the security'' of systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.
 +
 
 +
The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. The OpenSCAP project aims to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents.
 +
 
 +
The tools based on OpenSCAP library which are included in this Fedora feature are:
 +
* oscap-scan - command line scanner driven by OVAL/XCCDF content
 +
* secstate - tool that attempts to streamline the Certification and Accreditation (C&A) process of Linux systems by providing a mechanism to verify, validate, and provide remediation to security relevant configuration items.
 +
* firstaidkit-plugin-openscap - Plugin for  [[Features/FirstAidKit | FirstAidKit]] which allows user to perform basic automated security audit and evaluate the results in text or graphical environment.
 +
 
 +
With this feature installed, the user can use different ways to perform automatic scan of his system and make sure the system is in compliance with defined security configuration. The user is enabled to automatically remediate the system.
 +
 
 +
== References ==
 +
* [https://fedoraproject.org/wiki/Features/OpenSCAP OpenSCAP] on Fedora wiki
 +
* [http://www.open-scap.org/page/Documentation Documentations] on project site
 +
* [http://www.open-scap.org/doc/ open-scap] library documentations on project site
 +
* [https://fedorahosted.org/secstate/ secstate] (Security State) on Fedora Hosted
 +
* [https://fedoraproject.org/wiki/Features/FirstAidKit FirstAidKit] on Fedora wiki
 +
 
  
  

Revision as of 13:27, 26 July 2010

DocsProject Header docTeam1.png
Note.png
Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer


OpenSCAP

Abstract

Fedora 14 brings in support of the SCAP (Security Content Automation Protocol). A library called OpenSCAP that provides development framework and several SCAP scanning tools are included in the distribution. OVAL and XCCDF contents specific for Fedora 14 that can be used for automated system configuration checking are also provided.

Description

OpenSCAP is an open-source framework for SCAP developers. SCAP is a line of standards managed by NIST (National Institute of Standards and Technology). It was created to provide a standardized approach to maintaining the security of systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. The OpenSCAP project aims to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents.

The tools based on OpenSCAP library which are included in this Fedora feature are:

  • oscap-scan - command line scanner driven by OVAL/XCCDF content
  • secstate - tool that attempts to streamline the Certification and Accreditation (C&A) process of Linux systems by providing a mechanism to verify, validate, and provide remediation to security relevant configuration items.
  • firstaidkit-plugin-openscap - Plugin for FirstAidKit which allows user to perform basic automated security audit and evaluate the results in text or graphical environment.

With this feature installed, the user can use different ways to perform automatic scan of his system and make sure the system is in compliance with defined security configuration. The user is enabled to automatically remediate the system.

References