Harden Your Systems with OpenSCAP
Security Check
© Lead Image © alphaspirit, 123RF.com
If you're operating a large collection of Linux servers, OpenSCAP can help with regular auditing and system hardening.
Ever since the boom in Linux-based container technology, new tools for auditing and system hardening have been popping up like mushrooms, but older tools can still be useful. OpenSCAP [1] is an example of an older tool that supports comprehensive system analysis and offers actionable suggestions for improvement.
OpenSCAP is a free implementation of the Security Content Automation Protocol (SCAP) standard. The Institute of Standards and Technology (NIST) refers to SCAP as "…a suite of interoperable specifications for the standardized expression, exchange, and processing of security configuration and vulnerability information." The purpose of SCAP is to provide a framework for automating vulnerability and compliance testing. OpenSCAP checks the system for known vulnerabilities and maps compliance on a scale between 0 and 100 percent. Growing demand for IT standardization prompted NIST to launch the SCAP initiative in the mid-noughties. Since the first version in 2007, the framework has seen successive development.
OpenSCAP offers an easy, automated solution for checking whether your systems are secure. You can check against ready-made policies and profiles available through SCAP, or you can customize a catalog to define your own checks.
[...]
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Microsoft Issues Warning About Linux Vulnerability
The company behind Windows has released information about a flaw that affects millions of Linux systems.
-
Is AI Coming to Your Ubuntu Desktop?
According to the VP of Engineering at Canonical, AI could soon be added to the Ubuntu desktop distribution.
-
Framework Laptop 13 Pro Competes with the Best
Framework has released what might be considered the MacBook of Linux devices.
-
The Latest CachyOS Features Supercharged Kernel
The latest release of CachyOS brings with it an enhanced version of the latest Linux kernel.
-
Kernel 7.0 Is a Bit More Rusty
Linux kernel 7.0 has been released for general availability, with Rust finally getting its due.
-
France Says "Au Revoir" to Microsoft
In a move that should surprise no one, France announced plans to reduce its reliance on US technology, and Microsoft Windows is the first to get the boot.
-
CIQ Releases Compatibility Catalog for Rocky Linux
The company behind Rocky Linux is making an open catalog available to developers, hobbyists, and other contributors, so they can verify and publish compatibility with the CIQ lineup.
-
KDE Gets Some Resuscitation
KDE is bringing back two themes that vanished a few years ago, putting a bit more air under its wings.
-
Ubuntu 26.04 Beta Arrives with Some Surprises
Ubuntu 26.04 is almost here, but the beta version has been released, and it might surprise some people.
-
Ubuntu MATE Dev Leaving After 12 years
Martin Wimpress, the maintainer of Ubuntu MATE, is now searching for his successor. Are you the next in line?