From Fedora Project Wiki
Line 27: Line 27:
* [https://fedorahosted.org/secstate/ secstate] - tool that attempts to streamline the Certification and Accreditation (C&A) process of Linux systems by providing a mechanism to verify, validate, and '''provide remediation''' to security relevant configuration items.
* [https://fedorahosted.org/secstate/ secstate] - tool that attempts to streamline the Certification and Accreditation (C&A) process of Linux systems by providing a mechanism to verify, validate, and '''provide remediation''' to security relevant configuration items.
* firstaidkit-plugin-openscap - This [https://fedoraproject.org/wiki/Features/FirstAidKit FirstAidKit] plugin interfaces the OpenSCAP library, which can be used to perform a security/configuration audit of a running machine.
* firstaidkit-plugin-openscap - This [https://fedoraproject.org/wiki/Features/FirstAidKit FirstAidKit] plugin interfaces the OpenSCAP library, which can be used to perform a security/configuration audit of a running machine.
The last part of this feature a is an OVAL/XCCDF content that represent secure and consistent configuration of Fedora operating system. This content can be by any SCAP enabled tool.


== Benefit to Fedora ==
== Benefit to Fedora ==

Revision as of 12:36, 22 June 2010


OpenSCAP

Summary

Provide open-source Security Content Automation Protocol (SCAP) framework, basic set of applications and OVAL/XCCDF security content for Fedora 14.

Owner

Current status

  • Targeted release: Fedora 14
  • Last updated: 22-Jun-2010
  • Percentage of completion: 0%

Detailed Description

SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. This lack of tools makes the barrier to entry very high and discourages adoption of these protocols by the community. It's a goal of OpenSCAP project to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents.

The tools based on OpenSCAP library which are included in this Fedora feature are:

  • oscap-scan - command line scanner driven by OVAL/XCCDF content
  • secstate - tool that attempts to streamline the Certification and Accreditation (C&A) process of Linux systems by providing a mechanism to verify, validate, and provide remediation to security relevant configuration items.
  • firstaidkit-plugin-openscap - This FirstAidKit plugin interfaces the OpenSCAP library, which can be used to perform a security/configuration audit of a running machine.

The last part of this feature a is an OVAL/XCCDF content that represent secure and consistent configuration of Fedora operating system. This content can be by any SCAP enabled tool.

Benefit to Fedora

Scope

How To Test

User Experience

Dependencies

Contingency Plan

Documentation

Release Notes

Comments and Discussion