Chapter 8. Compliance and Vulnerability Scanning with OpenSCAP
8.1. Security Compliance in Red Hat Enterprise Linux
Security Compliance Tools Supported on Red Hat Enterprise Linux 6
- OpenSCAP — The oscap command-line utility is designed to perform configuration and vulnerability scans on a local system, to validate security compliance content, and to generate reports and guides based on these scans and evaluations.
- Script Check Engine (SCE) — SCE is an extension to SCAP protocol that allows content authors to write their security content using a scripting language, such as Bash, Python or Ruby. The SCE extension is provided with the openscap-engine-sce package.
- SCAP Security Guide (SSG) — The scap-security-guide package provides the latest collection of security polices for Linux systems.