Back by popular demand, we’ll again be posting a series of blogs leading up to the Fedora 14 “Laughlin” release, which highlight some of the cool new features planned in the latest Fedora distribution. Up first is a feature that boosts security in Fedora 14: OpenSCAP.
Staying true to its motto of “Freedom, Friends, Features, First,” the Fedora Project always looks to implement the latest open source technologies. The release of Fedora 14 is expected to mark a “first” with inclusion of support for the SCAP (Security Content Automation Protocol) 1.0 standard – a first across all distributions.
SCAP is a line of standards managed by the National Institute of Standards and Technology (NIST). It provides a standardized approach to maintaining the security of systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise. With OpenSCAP, the open source community is leveraging many different components from the security standards ecosystem.
The SCAP suite contains multiple complex data exchange formats used to transmit important vulnerability, configuration, and other security data so that other SCAP tools can interoperate. Historically, this information has been locked away in proprietary tools with proprietary file formats. The lack of interoperable tools means that you cannot assemble a best of breed set of tools where you have the best editor, scanner, analysis, or visualization tool from different authors working together. The SCAP specification is challenging to implement, and as such, only an incomplete reference implementation for two of the standards is available to the open source community. This lack of tools makes the barrier to entry high and discourages adoption of these protocols by the open source community. The goal of the OpenSCAP project is to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents.
The libraries available through the OpenSCAP project are designed to enable users to jump more quickly from idea to prototype when developing security tools. If you have a neat idea for a security tool, you don’t have to figure out SCAP and start a project by writing a parser. Instead, you can jump right to using Python, Perl, or C to experiment and see if the idea is worth pursuing to make into a more comprehensive tool. With support from the developer community, the OpenSCAP project hopes to make more tools available in the future.
Fedora 14 is expected to include a number of tools based on the OpenSCAP library:
- oscap-scan: command line scanner driven by OVAL®/XCCDF content.
- secstate: tool that attempts to streamline the certification and accreditation (C&A) process of Linux systems by providing a mechanism to verify, validate, and provide remediation to security relevant configuration items.
- firstaidkit-plugin-openscap: Plugin for FirstAidKit which allows the user to perform basic automated security audit and evaluate the results in text or graphical environment.
- Scap-workbench: a soon to be released GUI tool that allows for content tailoring, on-demand scanning, and presentation of scan results.
OpenSCAP is a big change to the way that companies can do compliance and vulnerability auditing and allows them to prevent vendor lock-in. Red Hat has been an early adopter of this technology, with its Security Response Team issuing Open Vulnerability Assessment Language (OVAL) content for Security Errata, and also using Common Vulnerabilities and Exposures (CVE) notation to enumerate software vulnerabilities. Red Hat’s commitment has improved the creation of the OpenSCAP library with content for use with Fedora 14 to enable a basic security scan. The OpenSCAP project adds software support for OVAL and CVE and the rest of the SCAP standards such as:
- Common Vulnerability Scoring System (CVSS)
- Common Platform Enumeration (CPE)
- Common Configuration Enumeration (CCE)
- Extensible Configuration Checklist Description Format (XCCDF)
Support for these recognized standards enhances an organization’s ability to check compliance, patch level, do inventory, prioritize system updates, and improve situational awareness.
Be one of the first to try out OpenSCAP in Fedora 14. Download the Fedora 14 Beta here and look for the final release in early November.
–OVAL and CVE are registered trademarks, and CCE, CPE, and OCIL are trademarks, of The MITRE Corporation.
–XCCDF and SCAP are trademarks of the National Institute of Standards and Technology (NIST).
Sull'autore
Altri risultati simili a questo
Ricerca per canale
Automazione
Novità sull'automazione IT di tecnologie, team e ambienti
Intelligenza artificiale
Aggiornamenti sulle piattaforme che consentono alle aziende di eseguire carichi di lavoro IA ovunque
Hybrid cloud open source
Scopri come affrontare il futuro in modo più agile grazie al cloud ibrido
Sicurezza
Le ultime novità sulle nostre soluzioni per ridurre i rischi nelle tecnologie e negli ambienti
Edge computing
Aggiornamenti sulle piattaforme che semplificano l'operatività edge
Infrastruttura
Le ultime novità sulla piattaforma Linux aziendale leader a livello mondiale
Applicazioni
Approfondimenti sulle nostre soluzioni alle sfide applicative più difficili
Serie originali
Raccontiamo le interessanti storie di leader e creatori di tecnologie pensate per le aziende
Prodotti
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servizi cloud
- Scopri tutti i prodotti
Strumenti
- Formazione e certificazioni
- Il mio account
- Supporto clienti
- Risorse per sviluppatori
- Trova un partner
- Red Hat Ecosystem Catalog
- Calcola il valore delle soluzioni Red Hat
- Documentazione
Prova, acquista, vendi
Comunica
- Contatta l'ufficio vendite
- Contatta l'assistenza clienti
- Contatta un esperto della formazione
- Social media
Informazioni su Red Hat
Red Hat è leader mondiale nella fornitura di soluzioni open source per le aziende, tra cui Linux, Kubernetes, container e soluzioni cloud. Le nostre soluzioni open source, rese sicure per un uso aziendale, consentono di operare su più piattaforme e ambienti, dal datacenter centrale all'edge della rete.
Seleziona la tua lingua
Red Hat legal and privacy links
- Informazioni su Red Hat
- Opportunità di lavoro
- Eventi
- Sedi
- Contattaci
- Blog di Red Hat
- Diversità, equità e inclusione
- Cool Stuff Store
- Red Hat Summit