Chapter 8. Scanning the System for Configuration Compliance and Vulnerabilities
8.1. Configuration Compliance Tools in RHEL
- SCAP Workbench - The scap-workbench graphical utility is designed to perform configuration and vulnerability scans on a single local or remote system. You can also use it to generate security reports based on these scans and evaluations.
- OpenSCAP - The OpenSCAP library, with the accompanying oscap command-line utility, is designed to perform configuration and vulnerability scans on a local system, to validate configuration compliance content, and to generate reports and guides based on these scans and evaluations.
- SCAP Security Guide (SSG) - The scap-security-guide package provides the latest collection of security policies for Linux systems. The guidance consists of a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines.
- Script Check Engine (SCE) - SCE is an extension to the SCAP protocol that enables administrators to write their security content using a scripting language, such as Bash, Python, and Ruby. The SCE extension is provided in the openscap-engine-sce package. The SCE itself is not part of the SCAP environment.
oscap(8)- The manual page for the oscap command-line utility provides a complete list of available options and explanations of their usage.
- Red Hat Security Demos: Creating Customized Security Policy Content to Automate Security Compliance - A hands-on lab to get initial experience in automating security compliance using the tools that are included in Red Hat Enterprise Linux to comply with both industry standard security policies and custom security policies. If you want training or access to these lab exercises for your team, contact your Red Hat account team for additional details. .
- Red Hat Security Demos: Defend Yourself with RHEL Security Technologies - A hands-on lab to learn how to implement security at all levels of your RHEL system, using the key security technologies available to you in Red Hat Enterprise Linux, including OpenSCAP. If you want training or access to these lab exercises for your team, contact your Red Hat account team for additional details.
scap-workbench(8)- The manual page for the SCAP Workbench application provides basic information about the application and links to potential sources of SCAP content.
scap-security-guide(8)- The manual page for the scap-security-guide project provides further documentation about the various available SCAP security profiles. It also contains examples for using the provided benchmarks using the OpenSCAP utility.
- Security Compliance Management in the Administering Red Hat Satellite Guide provides more details about using OpenSCAP with Red Hat Satellite.