Chapter 7. Compliance and Vulnerability Scanning with OpenSCAP
7.1. Security Compliance in Red Hat Enterprise Linux
Security Compliance Tools Supported on Red Hat Enterprise Linux 7
- SCAP Workbench — The
scap-workbenchgraphical utility is designed to perform configuration and vulnerability scans on a single local or remote system. It can be also used to generate security reports based on these scans and evaluations.
- OpenSCAP — The oscap command-line utility is designed to perform configuration and vulnerability scans on a local system, to validate security compliance content, and to generate reports and guides based on these scans and evaluations.
- Script Check Engine (SCE) — SCE is an extension to the SCAP protocol that allows administrators to write their security content using a scripting language, such as Bash, Python, or Ruby. The SCE extension is provided in the openscap-engine-sce package.
- SCAP Security Guide (SSG) — The scap-security-guide package provides the latest collection of security policies for Linux systems. The guidance consists of a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines.