欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2/Agda, C++/Lisp/Haskell
OpenSCAP
来自开放百科 - 灰狐
(版本间的差异)
小 (→功能) |
小 (→功能) |
||
| 第22行: | 第22行: | ||
==功能== | ==功能== | ||
| + | [https://static.open-scap.org/openscap-1.3/ SCAP Library] | ||
| + | *Common - Objects and mechanisms used across all parts of library(在库的所有部分使用的对象和机制) | ||
| + | CPE - Common Platform Enumeration(通用平台枚举) | ||
| + | CVE - Common Vulnerabilities and Exposures(通用漏洞和暴露) | ||
| + | CVSS - Common Vulnerability Scoring System(通用漏洞评分系统) | ||
| + | OVAL - Open Vulnerability and Assessment Language(开放式漏洞和评估语言) | ||
| + | XCCDF - Extensible Configuration Checklist Description Format(可扩展配置检查表描述格式) | ||
| + | XCCDF_POLICY - Policy interface to XCCDF benchmark(XCCDF基准的政策接口) | ||
==工具== | ==工具== | ||
2022年5月11日 (三) 02:46的版本
|
您可以在Wikipedia上了解到此条目的英文信息 OpenSCAP Thanks, Wikipedia. |
OpenSCAP
目录 |
简介
OpenSCAP: Open Source Security Compliance(合规)Solution
OpenSCAP 开源安全合规解决方案,NIST认证的SCAP 1.2工具箱。
Security Content Automation Protocol (SCAP) 安全内容自动化协议
标准
- Security Content Automation Protocol (SCAP)
- SCAP Components XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE.
- Other Standards SACM, SWID, CC, FIPS.
版本
功能
- Common - Objects and mechanisms used across all parts of library(在库的所有部分使用的对象和机制)
CPE - Common Platform Enumeration(通用平台枚举) CVE - Common Vulnerabilities and Exposures(通用漏洞和暴露) CVSS - Common Vulnerability Scoring System(通用漏洞评分系统) OVAL - Open Vulnerability and Assessment Language(开放式漏洞和评估语言) XCCDF - Extensible Configuration Checklist Description Format(可扩展配置检查表描述格式) XCCDF_POLICY - Policy interface to XCCDF benchmark(XCCDF基准的政策接口)
工具
- OpenSCAP Base
- OpenSCAP Daemon
- SCAP Workbench
- SCAPTimony
- OSCAP Anaconda Add-on
- Systems Management
- Atomic Scan
指南
Red Hat & CentOS
# yum install openscap-scanner $ oscap -V # yum install scap-security-guide # yum install scap-workbench $ scap-workbench
Debian & Ubuntu
$ sudo apt install openscap-daemon $ oscap -V
项目
缩略语
- AI(Asset Identification)资产识别
- ARF(Asset Reporting Format)资产报告格式
- CCE(Common Configuration Enumeration)通用配置枚举
- CCSS(Common Configuration Scoring System)通用配置评分系统
- CIS(Center for Internet Security)互联网安全中心
- CPE(Common Platform Enumeration)通用平台枚举
- CVE(Common Vulnerabilities and Exposures)通用漏洞和暴露
- CVSS(Common Vulnerability Scoring System)通用漏洞评分系统
- CWE(Common Weakness Enumeration)通用弱点列举
- FIPS(Federal Information Processing Standards)联邦信息处理标准
- MITRE 在 MITRE,我们为一个更安全的世界解决问题。
- NIST(National Institute of Standards and Technology)美国国家标准与技术研究所
- NVD(National Vulnerability Database)国家漏洞数据库
- OCIL(Open Checklist Interactive Language)开放式检查表交互语言
- OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言
- PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准
- SCE(Script Check Engine)脚本检查引擎
- SDS(SCAP source data stream)SCAP源数据流
- SACM(Security Automation and Continuous Monitorin)安全自动化和持续监控
- SCAP(Security Content Automation Protocol)安全内容自动化协议
- SWID(Software identification)软件识别
- USGCB(United States Government Configuration Baseline)美国政府配置基线
- XCCDF(eXtensible Configuration Checklist Description Format)可扩展配置清单描述格式
图集
SCAP Security Guide
SCAP Workbench
链接
分享您的观点
