#openscap
TIL in-toto and OpenSCAP
August 4, 2025 at 9:08 AM
Blogged: Compliance Reports in #theforeman with #openscap -

wp.me/pgR2o-lEf
Compliance Reports in Foreman
Security is a hobbyhorse of mine, so quite a while ago I also looked into OpenSCAP in order to visualize implemented security measures and check them for compliance on a regular basis. Back then my workflow still consisted of cron jobs, a monitoring plugin and a home-made file upload, but now Foreman takes this work off my hands as well. But let's take it slowly and from the beginning: what is OpenSCAP, actually? SCAP stands for Security Content Automation Protocol. It builds on already established standards to represent security-relevant software flaws and configuration problems, and puts them into a form that allows automated evaluation. OpenSCAP is an open-source implementation of this standard and provides sample policies for various Linux distributions and applications such as Java or Firefox, as well as tools for checking the policies and adapting them to company requirements. The Foreman plugin OpenSCAP makes use of these tools to integrate compliance reports. In principle it consists of three components. The plugin itself extends Foreman with the ability to upload SCAP rule sets in datastream format, then assign the profiles they contain to host groups, generate a guide for the administrator and, last but not least, display the systems' reports. Communication runs via the Smart Proxy, which is likewise extended by a plugin that the download of the profiles […]
wp.me
February 25, 2025 at 6:51 PM
What do you think of the idea of providing a vagrant/kvm box that includes the hardening tools:
- openscap
- lynis
- ssh-audit
Do you see other products to include?
#DevOps #DevSecOps
December 13, 2023 at 1:18 PM
Assessing and Hardening #Linux with #OpenSCAP 🐧

cromwell-intl.com/cybersecurit...
Assessing and Hardening Linux with OpenSCAP
Using the OpenSCAP toolkit to assess and improve Linux security.
cromwell-intl.com
November 13, 2023 at 11:11 PM
ohhhhhh my. Ran a #openscap report on my #wsl2 instance. I have a score of 72%... I am failing over 50 items, and remediation is going to suck eggs.... I wish there was a control to mass remediate these...
May 18, 2025 at 3:03 PM
OpenSCAP Libraries 1.4.3 https://packetstorm.news/files/211935
November 24, 2025 at 8:55 PM
Critical sudo vulnerability (CVE-2025-32462) threatens #Oracle Linux 7 systems. Key actions:

Update via yum --security update sudo

Disable risky binaries in sudoers

Scan with OpenSCAP NVD checks
Official patch: oss.oracle.com/ol7/SRPMS-updates… Read more: 👉tinyurl.com/mwz5jppy
Critical sudo Vulnerability in Oracle Linux 7 (CVE-2025-32462): Patch Immediately to Prevent Privilege Escalation
Blog with news about Linux, Android, Security, etc.
tinyurl.com
July 25, 2025 at 9:51 PM
I have just published an Ubuntu vagrant box that includes OpenScap, Lynis and ssh-audit, for testing infrastructure code for hardening. I use it in the development of Ansible roles.
app.vagrantup.com/stephrobert/...
blog.stephane-robert.info/post/ansible...
#DevOps
Harden your Ansible roles with OpenScap | Stéphane ROBERT
Let's see how to harden the configuration of the OS and middleware with the help of OpenScap
blog.stephane-robert.info
December 14, 2023 at 2:55 PM
OpenSCAP Libraries 1.3.12 https://packetstorm.news/files/190320
April 7, 2025 at 7:54 PM
I really wish Openscap would order their results to match the CIS benchmarks...
August 9, 2023 at 4:44 PM
I found out that hardening #alpinelinux with use of industry standard tools (to make high-level #production #security) is quite different like #OpenSCAP doesn't work as expected and I'm figuring it out. I know #RHEL-based #linux would be better for this purpose, but I'm taking the challenge […]
Original post on infosec.exchange
infosec.exchange
November 24, 2025 at 8:01 AM
Ansible - Harden your roles with OpenScap

By @RobertStphane19 (Thank you very much)
November 19, 2024 at 9:14 PM
SSH Hardening Made Easy with OpenSCAP dev.to/sebos/ssh-ha...
SSH Hardening Made Easy with OpenSCAP
Learn how to enhance the security of your SSH server using OpenSCAP, an open-source security automation tool.
dev.to
January 18, 2025 at 8:36 PM
Automating OpenSCAP Scans via Docker CLI Introduction Continue reading on Medium »

medium.com
May 11, 2025 at 8:00 PM
📣 Critical sudo vulnerability (CVE-2025-32462) threatens #Oracle Linux 7 systems. Key actions:

Update via yum --security update sudo

Disable risky binaries in sudoers

Scan with OpenSCAP NVD checks
Read more: 👉 tinyurl.com/mwz5jppy
Critical sudo Vulnerability in Oracle Linux 7 (CVE-2025-32462): Patch Immediately to Prevent Privilege Escalation
Blog with news about Linux, Android, Security, etc.
tinyurl.com
July 25, 2025 at 9:46 PM
OpenSCAP Libraries 1.3.13 https://packetstorm.news/files/211595
November 13, 2025 at 6:56 PM
🎉 Celebrate 4 years since AlmaLinux's first beta release with @Andrew Lukoshko at #CentOSConnect 2025!

Discover how AlmaLinux stands out with unique tools, builds, hardware support, OpenSCAP profiles, and more.

🔗 https://cfp.fedoraproject.org/centos-connect-2025/talk/XTLCAX/ @centosproject.bsky…
AlmaLinux: the special derivative CentOS Connect
On the dates of CentOS Connect 2025, we get to celebrate exactly 4 years since the release of the very first beta version of AlmaLinux. While being RHEL (and later CentOS Stream) derivative AlmaLinux…
cfp.fedoraproject.org
January 28, 2025 at 10:39 PM
Strengthening #Linux Security by Auditing with #OpenSCAP | Linux Journal www.linuxjournal.com/content/stre... via @linuxjournal
Strengthening Linux Security by Auditing with OpenSCAP | Linux Journal
www.linuxjournal.com
April 24, 2024 at 6:35 AM
OpenSCAP Libraries 1.4.1 https://packetstorm.news/files/183377
January 9, 2025 at 8:05 PM
Upwork job: Build DISA STIG-compliant Rocky Linux golden image + Terraform automation. ~100 hours of specialized security work.

Their budget: $1,000 My quote: $9,500
Only off by 950% 🤡

This is why (most) engineers avoid freelance platforms. DoD-level security ≠ weekend project.

#KnowYourWorth
September 8, 2025 at 1:20 PM
False negatives using OpenSCAP on Canonical-issued OVAL files? #2004 #security https://askubuntu.com/q/1556827/612

ubuntu.social
October 2, 2025 at 4:30 AM
Strengthening #Linux Security by Auditing with #OpenSCAP

lxer.com/module/newsw...
April 25, 2024 at 4:26 AM
OpenSCAP is still in use, especially for DISA STIG in Linux.

It's more of a lost opportunity than anything. It used to be that OpenSCAP and OpenVMS was the bar, and many vuln scanners supported it. As it's now all fallen by the wayside, none of the new NG vulnerability suites are interoperable.
June 17, 2025 at 9:06 PM
An influencer with millions of followers has just recommended openscap as a "powerful" defense tool. Now I know that they haven't looked at the tool and only post things from hearsay or from AI-say. Without files containing complementary hardening policies it is of no use. And they don't say where to download them...
August 5, 2025 at 8:59 PM