7.13. Ressources supplémentaires
- Supported versions of the SCAP Security Guide in RHEL
-
The OpenSCAP project page provides detailed information about the
oscap
utility and other components and projects related to SCAP. -
The SCAP Workbench project page provides detailed information about the
scap-workbench
application. - The SCAP Security Guide (SSG) project page provides the latest security content for Red Hat Enterprise Linux.
- Using OpenSCAP for security compliance and vulnerability scanning - A hands-on lab on running tools based on the Security Content Automation Protocol (SCAP) standard for compliance and vulnerability scanning in RHEL.
- Red Hat Security Demos: Creating Customized Security Policy Content to Automate Security Compliance - A hands-on lab to get initial experience in automating security compliance using the tools that are included in RHEL to comply with both industry standard security policies and custom security policies. If you want training or access to these lab exercises for your team, contact your Red Hat account team for additional details.
- Red Hat Security Demos: Defend Yourself with RHEL Security Technologies - A hands-on lab to learn how to implement security at all levels of your RHEL system, using the key security technologies available to you in RHEL, including OpenSCAP. If you want training or access to these lab exercises for your team, contact your Red Hat account team for additional details.
- National Institute of Standards and Technology (NIST) SCAP page has a vast collection of SCAP-related materials, including SCAP publications, specifications, and the SCAP Validation Program.
- National Vulnerability Database (NVD) has the largest repository of SCAP content and other SCAP standards-based vulnerability management data.
- Red Hat OVAL content repository contains OVAL definitions for vulnerabilities of RHEL systems. This is the recommended source of vulnerability content.
- MITRE CVE - This is a database of publicly known security vulnerabilities provided by the MITRE corporation. For RHEL, using OVAL CVE content provided by Red Hat is recommended.
- MITRE OVAL - This is an OVAL-related project provided by the MITRE corporation. Among other OVAL-related information, these pages contain the OVAL language and a repository of OVAL content with thousands of OVAL definitions. Note that for scanning RHEL, using OVAL CVE content provided by Red Hat is recommended.
- Managing security compliance in Red Hat Satellite - This set of guides describes, among other topics, how to maintain system security on multiple systems by using OpenSCAP.