OpenSCAP

来自开放百科 - 灰狐
(版本间的差异)
跳转到: 导航, 搜索
(以“OpenSCAP ==简介== OpenSCAP: Open Source Security Compliance(合规)Solution ==标准== ==功能== ==工具== *OpenSCAP Base *OpenSCAP Daemon *SCAP Workbenc...”为内容创建页面)
 
(图集)
(未显示1个用户的5个中间版本)
第5行: 第5行:
  
 
==标准==
 
==标准==
 +
*[http://scap.nist.gov/ Security Content Automation Protocol (SCAP)]
 +
*[https://www.open-scap.org/features/scap-components/ SCAP Components] XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE.
 +
*[https://www.open-scap.org/features/other-standards/ Other Standards] SACM, SWID, CC, FIPS.
  
 
==功能==
 
==功能==
第18行: 第21行:
  
 
==指南==
 
==指南==
 +
# yum install openscap-scanner
 +
$ oscap -V
 +
# yum install scap-security-guide
 +
# yum install scap-workbench
 +
$ scap-workbench
  
 
==项目==
 
==项目==
第24行: 第32行:
 
*AI(Asset Identification)
 
*AI(Asset Identification)
 
*ARF(Asset Reporting Format)
 
*ARF(Asset Reporting Format)
*
+
*CCE(Common Configuration Enumeration)
*
+
*CCSS(Common Configuration Scoring System)
*
+
*CIS(Center for Internet Security)
*
+
*CPE(Common Platform Enumeration)
*
+
*CVE(Common Vulnerabilities and Exposures)
*
+
*CVSS(Common Vulnerability Scoring System)
*
+
*CWE(Common Weakness Enumeration)
*
+
*FIPS(Federal Information Processing Standards)
*
+
*[http://www.mitre.org/ MITRE]
 +
*NIST(National Institute of Standards and Technology)
 +
*NVD(National Vulnerability Database)
 +
*OCIL(Open Checklist Interactive Language)
 +
*OVAL(Open Vulnerability and Assessment Language)
 +
*PCI DSS(Payment Card Industry Data Security Standard)
 +
*SCE(Script Check Engine)
 +
*SDS(SCAP source data stream)
 +
*SACM(Security Automation and Continuous Monitorin)
 +
*SCAP(Security Content Automation Protocol)
 +
*SWID(Software identification)
 +
*USGCB(United States Government Configuration Baseline)
 +
*XCCDF(eXtensible Configuration Checklist Description Format)
  
 
==图集==
 
==图集==
 +
<gallery>
 +
image:SCAP-Security-Guide.png|SCAP Security Guide
 +
image:SCAP-Workbench.png|SCAP Workbench
 +
</gallery>
  
 
==链接==
 
==链接==

2020年11月12日 (四) 15:35的版本

OpenSCAP

目录

简介

OpenSCAP: Open Source Security Compliance(合规)Solution

标准

功能

工具

  • OpenSCAP Base
  • OpenSCAP Daemon
  • SCAP Workbench
  • SCAPTimony
  • OSCAP Anaconda Add-on
  • Systems Management
  • Atomic Scan

指南

# yum install openscap-scanner
$ oscap -V
# yum install scap-security-guide
# yum install scap-workbench
$ scap-workbench

项目

缩略语

  • AI(Asset Identification)
  • ARF(Asset Reporting Format)
  • CCE(Common Configuration Enumeration)
  • CCSS(Common Configuration Scoring System)
  • CIS(Center for Internet Security)
  • CPE(Common Platform Enumeration)
  • CVE(Common Vulnerabilities and Exposures)
  • CVSS(Common Vulnerability Scoring System)
  • CWE(Common Weakness Enumeration)
  • FIPS(Federal Information Processing Standards)
  • MITRE
  • NIST(National Institute of Standards and Technology)
  • NVD(National Vulnerability Database)
  • OCIL(Open Checklist Interactive Language)
  • OVAL(Open Vulnerability and Assessment Language)
  • PCI DSS(Payment Card Industry Data Security Standard)
  • SCE(Script Check Engine)
  • SDS(SCAP source data stream)
  • SACM(Security Automation and Continuous Monitorin)
  • SCAP(Security Content Automation Protocol)
  • SWID(Software identification)
  • USGCB(United States Government Configuration Baseline)
  • XCCDF(eXtensible Configuration Checklist Description Format)

图集

  • SCAP Security Guide

  • SCAP Workbench

链接

来自“http://wiki.huihoo.com/wiki/?title=OpenSCAP&oldid=154350
分享您的观点
个人工具
名字空间

变换
操作
导航
工具箱