OpenSCAP

来自开放百科 - 灰狐
(版本间的差异)
跳转到: 导航, 搜索
(指南)
(缩略语)
 
(未显示1个用户的3个中间版本)
第16行: 第16行:
 
*[https://www.open-scap.org/features/scap-components/ SCAP Components] XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE.
 
*[https://www.open-scap.org/features/scap-components/ SCAP Components] XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE.
 
*[https://www.open-scap.org/features/other-standards/ Other Standards] SACM, SWID, CC, FIPS.
 
*[https://www.open-scap.org/features/other-standards/ Other Standards] SACM, SWID, CC, FIPS.
 +
 +
==版本==
 +
*[https://static.open-scap.org/openscap-1.3 OpenSCAP 1.3.x]
 +
*[https://static.open-scap.org/openscap-1.2 OpenSCAP 1.2.x]
  
 
==功能==
 
==功能==
 +
[https://static.open-scap.org/openscap-1.3/ SCAP Library]
 +
*Common - Objects and mechanisms used across all parts of library(在库的所有部分使用的对象和机制)
 +
*CPE - Common Platform Enumeration(通用平台枚举)
 +
*CVE - Common Vulnerabilities and Exposures(通用漏洞和暴露)
 +
*CVSS - Common Vulnerability Scoring System(通用漏洞评分系统)
 +
*OVAL - Open Vulnerability and Assessment Language(开放式漏洞和评估语言)
 +
*XCCDF - Extensible Configuration Checklist Description Format(可扩展配置检查表描述格式)
 +
*XCCDF_POLICY - Policy interface to XCCDF benchmark(XCCDF基准的政策接口)
  
 
==工具==
 
==工具==
第61行: 第73行:
 
*OCIL(Open Checklist Interactive Language)开放式检查表交互语言
 
*OCIL(Open Checklist Interactive Language)开放式检查表交互语言
 
*OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言
 
*OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言
 +
*OSCAL (Open Security Controls Assessment Language) 开放式安全控制评估语言
 
*PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准
 
*PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准
 
*SCE(Script Check Engine)脚本检查引擎
 
*SCE(Script Check Engine)脚本检查引擎

2022年5月11日 (三) 02:50的最后版本

Wikipedia-35x35.png 您可以在Wikipedia上了解到此条目的英文信息 OpenSCAP Thanks, Wikipedia.

OpenSCAP

OpenSCAP

目录

[编辑] 简介

OpenSCAP: Open Source Security Compliance(合规)Solution

OpenSCAP 开源安全合规解决方案,NIST认证的SCAP 1.2工具箱。

Security Content Automation Protocol (SCAP) 安全内容自动化协议

[编辑] 标准

[编辑] 版本

[编辑] 功能

SCAP Library

  • Common - Objects and mechanisms used across all parts of library(在库的所有部分使用的对象和机制)
  • CPE - Common Platform Enumeration(通用平台枚举)
  • CVE - Common Vulnerabilities and Exposures(通用漏洞和暴露)
  • CVSS - Common Vulnerability Scoring System(通用漏洞评分系统)
  • OVAL - Open Vulnerability and Assessment Language(开放式漏洞和评估语言)
  • XCCDF - Extensible Configuration Checklist Description Format(可扩展配置检查表描述格式)
  • XCCDF_POLICY - Policy interface to XCCDF benchmark(XCCDF基准的政策接口)

[编辑] 工具

  • OpenSCAP Base
  • OpenSCAP Daemon
  • SCAP Workbench
  • SCAPTimony
  • OSCAP Anaconda Add-on
  • Systems Management
  • Atomic Scan

[编辑] 指南

Static OpenSCAP

Red Hat & CentOS

# yum install openscap-scanner
$ oscap -V
# yum install scap-security-guide
# yum install scap-workbench
$ scap-workbench

Debian & Ubuntu

$ sudo apt install openscap-daemon 
$ oscap -V

[编辑] 项目

[编辑] 缩略语

  • AI(Asset Identification)资产识别
  • ARF(Asset Reporting Format)资产报告格式
  • CCE(Common Configuration Enumeration)通用配置枚举
  • CCSS(Common Configuration Scoring System)通用配置评分系统
  • CIS(Center for Internet Security)互联网安全中心
  • CPE(Common Platform Enumeration)通用平台枚举
  • CVE(Common Vulnerabilities and Exposures)通用漏洞和暴露
  • CVSS(Common Vulnerability Scoring System)通用漏洞评分系统
  • CWE(Common Weakness Enumeration)通用弱点列举
  • FIPS(Federal Information Processing Standards)联邦信息处理标准
  • MITRE 在 MITRE,我们为一个更安全的世界解决问题。
  • NIST(National Institute of Standards and Technology)美国国家标准与技术研究所
  • NVD(National Vulnerability Database)国家漏洞数据库
  • OCIL(Open Checklist Interactive Language)开放式检查表交互语言
  • OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言
  • OSCAL (Open Security Controls Assessment Language) 开放式安全控制评估语言
  • PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准
  • SCE(Script Check Engine)脚本检查引擎
  • SDS(SCAP source data stream)SCAP源数据流
  • SACM(Security Automation and Continuous Monitorin)安全自动化和持续监控
  • SCAP(Security Content Automation Protocol)安全内容自动化协议
  • SWID(Software identification)软件识别
  • USGCB(United States Government Configuration Baseline)美国政府配置基线
  • XCCDF(eXtensible Configuration Checklist Description Format)可扩展配置清单描述格式

[编辑] 图集

[编辑] 链接

分享您的观点
个人工具
名字空间

变换
操作
导航
工具箱