欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/Agda, C++/Erlang/Lisp
OpenSCAP
来自开放百科 - 灰狐
(版本间的差异)
(以“OpenSCAP ==简介== OpenSCAP: Open Source Security Compliance(合规)Solution ==标准== ==功能== ==工具== *OpenSCAP Base *OpenSCAP Daemon *SCAP Workbenc...”为内容创建页面) |
小 (→图集) |
||
(未显示1个用户的5个中间版本) | |||
第5行: | 第5行: | ||
==标准== | ==标准== | ||
+ | *[http://scap.nist.gov/ Security Content Automation Protocol (SCAP)] | ||
+ | *[https://www.open-scap.org/features/scap-components/ SCAP Components] XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE. | ||
+ | *[https://www.open-scap.org/features/other-standards/ Other Standards] SACM, SWID, CC, FIPS. | ||
==功能== | ==功能== | ||
第18行: | 第21行: | ||
==指南== | ==指南== | ||
+ | # yum install openscap-scanner | ||
+ | $ oscap -V | ||
+ | # yum install scap-security-guide | ||
+ | # yum install scap-workbench | ||
+ | $ scap-workbench | ||
==项目== | ==项目== | ||
第24行: | 第32行: | ||
*AI(Asset Identification) | *AI(Asset Identification) | ||
*ARF(Asset Reporting Format) | *ARF(Asset Reporting Format) | ||
− | * | + | *CCE(Common Configuration Enumeration) |
− | * | + | *CCSS(Common Configuration Scoring System) |
− | * | + | *CIS(Center for Internet Security) |
− | * | + | *CPE(Common Platform Enumeration) |
− | * | + | *CVE(Common Vulnerabilities and Exposures) |
− | * | + | *CVSS(Common Vulnerability Scoring System) |
− | * | + | *CWE(Common Weakness Enumeration) |
− | * | + | *FIPS(Federal Information Processing Standards) |
− | * | + | *[http://www.mitre.org/ MITRE] |
+ | *NIST(National Institute of Standards and Technology) | ||
+ | *NVD(National Vulnerability Database) | ||
+ | *OCIL(Open Checklist Interactive Language) | ||
+ | *OVAL(Open Vulnerability and Assessment Language) | ||
+ | *PCI DSS(Payment Card Industry Data Security Standard) | ||
+ | *SCE(Script Check Engine) | ||
+ | *SDS(SCAP source data stream) | ||
+ | *SACM(Security Automation and Continuous Monitorin) | ||
+ | *SCAP(Security Content Automation Protocol) | ||
+ | *SWID(Software identification) | ||
+ | *USGCB(United States Government Configuration Baseline) | ||
+ | *XCCDF(eXtensible Configuration Checklist Description Format) | ||
==图集== | ==图集== | ||
+ | <gallery> | ||
+ | image:SCAP-Security-Guide.png|SCAP Security Guide | ||
+ | image:SCAP-Workbench.png|SCAP Workbench | ||
+ | </gallery> | ||
==链接== | ==链接== |
2020年11月12日 (四) 15:35的版本
OpenSCAP
目录 |
简介
OpenSCAP: Open Source Security Compliance(合规)Solution
标准
- Security Content Automation Protocol (SCAP)
- SCAP Components XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE.
- Other Standards SACM, SWID, CC, FIPS.
功能
工具
- OpenSCAP Base
- OpenSCAP Daemon
- SCAP Workbench
- SCAPTimony
- OSCAP Anaconda Add-on
- Systems Management
- Atomic Scan
指南
# yum install openscap-scanner $ oscap -V # yum install scap-security-guide # yum install scap-workbench $ scap-workbench
项目
缩略语
- AI(Asset Identification)
- ARF(Asset Reporting Format)
- CCE(Common Configuration Enumeration)
- CCSS(Common Configuration Scoring System)
- CIS(Center for Internet Security)
- CPE(Common Platform Enumeration)
- CVE(Common Vulnerabilities and Exposures)
- CVSS(Common Vulnerability Scoring System)
- CWE(Common Weakness Enumeration)
- FIPS(Federal Information Processing Standards)
- MITRE
- NIST(National Institute of Standards and Technology)
- NVD(National Vulnerability Database)
- OCIL(Open Checklist Interactive Language)
- OVAL(Open Vulnerability and Assessment Language)
- PCI DSS(Payment Card Industry Data Security Standard)
- SCE(Script Check Engine)
- SDS(SCAP source data stream)
- SACM(Security Automation and Continuous Monitorin)
- SCAP(Security Content Automation Protocol)
- SWID(Software identification)
- USGCB(United States Government Configuration Baseline)
- XCCDF(eXtensible Configuration Checklist Description Format)
图集
链接
分享您的观点