欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2/Agda, C++/Lisp/Haskell
OpenSCAP
来自开放百科 - 灰狐
(版本间的差异)
小 (→缩略语) |
小 (→缩略语) |
||
| (未显示1个用户的4个中间版本) | |||
| 第16行: | 第16行: | ||
*[https://www.open-scap.org/features/scap-components/ SCAP Components] XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE. | *[https://www.open-scap.org/features/scap-components/ SCAP Components] XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE. | ||
*[https://www.open-scap.org/features/other-standards/ Other Standards] SACM, SWID, CC, FIPS. | *[https://www.open-scap.org/features/other-standards/ Other Standards] SACM, SWID, CC, FIPS. | ||
| + | |||
| + | ==版本== | ||
| + | *[https://static.open-scap.org/openscap-1.3 OpenSCAP 1.3.x] | ||
| + | *[https://static.open-scap.org/openscap-1.2 OpenSCAP 1.2.x] | ||
==功能== | ==功能== | ||
| + | [https://static.open-scap.org/openscap-1.3/ SCAP Library] | ||
| + | *Common - Objects and mechanisms used across all parts of library(在库的所有部分使用的对象和机制) | ||
| + | *CPE - Common Platform Enumeration(通用平台枚举) | ||
| + | *CVE - Common Vulnerabilities and Exposures(通用漏洞和暴露) | ||
| + | *CVSS - Common Vulnerability Scoring System(通用漏洞评分系统) | ||
| + | *OVAL - Open Vulnerability and Assessment Language(开放式漏洞和评估语言) | ||
| + | *XCCDF - Extensible Configuration Checklist Description Format(可扩展配置检查表描述格式) | ||
| + | *XCCDF_POLICY - Policy interface to XCCDF benchmark(XCCDF基准的政策接口) | ||
==工具== | ==工具== | ||
| 第29行: | 第41行: | ||
==指南== | ==指南== | ||
| + | [https://static.open-scap.org/ Static OpenSCAP] | ||
| + | |||
Red Hat & CentOS | Red Hat & CentOS | ||
# yum install openscap-scanner | # yum install openscap-scanner | ||
| 第59行: | 第73行: | ||
*OCIL(Open Checklist Interactive Language)开放式检查表交互语言 | *OCIL(Open Checklist Interactive Language)开放式检查表交互语言 | ||
*OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言 | *OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言 | ||
| + | *OSCAL (Open Security Controls Assessment Language) 开放式安全控制评估语言 | ||
*PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准 | *PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准 | ||
*SCE(Script Check Engine)脚本检查引擎 | *SCE(Script Check Engine)脚本检查引擎 | ||
2022年5月11日 (三) 02:50的最后版本
|
您可以在Wikipedia上了解到此条目的英文信息 OpenSCAP Thanks, Wikipedia. |
OpenSCAP
目录 |
[编辑] 简介
OpenSCAP: Open Source Security Compliance(合规)Solution
OpenSCAP 开源安全合规解决方案,NIST认证的SCAP 1.2工具箱。
Security Content Automation Protocol (SCAP) 安全内容自动化协议
[编辑] 标准
- Security Content Automation Protocol (SCAP)
- SCAP Components XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE.
- Other Standards SACM, SWID, CC, FIPS.
[编辑] 版本
[编辑] 功能
- Common - Objects and mechanisms used across all parts of library(在库的所有部分使用的对象和机制)
- CPE - Common Platform Enumeration(通用平台枚举)
- CVE - Common Vulnerabilities and Exposures(通用漏洞和暴露)
- CVSS - Common Vulnerability Scoring System(通用漏洞评分系统)
- OVAL - Open Vulnerability and Assessment Language(开放式漏洞和评估语言)
- XCCDF - Extensible Configuration Checklist Description Format(可扩展配置检查表描述格式)
- XCCDF_POLICY - Policy interface to XCCDF benchmark(XCCDF基准的政策接口)
[编辑] 工具
- OpenSCAP Base
- OpenSCAP Daemon
- SCAP Workbench
- SCAPTimony
- OSCAP Anaconda Add-on
- Systems Management
- Atomic Scan
[编辑] 指南
Red Hat & CentOS
# yum install openscap-scanner $ oscap -V # yum install scap-security-guide # yum install scap-workbench $ scap-workbench
Debian & Ubuntu
$ sudo apt install openscap-daemon $ oscap -V
[编辑] 项目
[编辑] 缩略语
- AI(Asset Identification)资产识别
- ARF(Asset Reporting Format)资产报告格式
- CCE(Common Configuration Enumeration)通用配置枚举
- CCSS(Common Configuration Scoring System)通用配置评分系统
- CIS(Center for Internet Security)互联网安全中心
- CPE(Common Platform Enumeration)通用平台枚举
- CVE(Common Vulnerabilities and Exposures)通用漏洞和暴露
- CVSS(Common Vulnerability Scoring System)通用漏洞评分系统
- CWE(Common Weakness Enumeration)通用弱点列举
- FIPS(Federal Information Processing Standards)联邦信息处理标准
- MITRE 在 MITRE,我们为一个更安全的世界解决问题。
- NIST(National Institute of Standards and Technology)美国国家标准与技术研究所
- NVD(National Vulnerability Database)国家漏洞数据库
- OCIL(Open Checklist Interactive Language)开放式检查表交互语言
- OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言
- OSCAL (Open Security Controls Assessment Language) 开放式安全控制评估语言
- PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准
- SCE(Script Check Engine)脚本检查引擎
- SDS(SCAP source data stream)SCAP源数据流
- SACM(Security Automation and Continuous Monitorin)安全自动化和持续监控
- SCAP(Security Content Automation Protocol)安全内容自动化协议
- SWID(Software identification)软件识别
- USGCB(United States Government Configuration Baseline)美国政府配置基线
- XCCDF(eXtensible Configuration Checklist Description Format)可扩展配置清单描述格式
[编辑] 图集
SCAP Security Guide
SCAP Workbench
[编辑] 链接
分享您的观点
