#openscap — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #openscap, aggregated by home.social.
-
Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (https://www.linux-magazin.de/ausgaben/2026/04/patch-me-if-you-can/) auch Informationen zum Thema #OpenSCAP beitragen.
👉🏻 https://www.linux-magazin.de/ausgaben/2026/04/openscap/
In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.
-
Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (https://www.linux-magazin.de/ausgaben/2026/04/patch-me-if-you-can/) auch Informationen zum Thema #OpenSCAP beitragen.
👉🏻 https://www.linux-magazin.de/ausgaben/2026/04/openscap/
In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.
-
Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (https://www.linux-magazin.de/ausgaben/2026/04/patch-me-if-you-can/) auch Informationen zum Thema #OpenSCAP beitragen.
👉🏻 https://www.linux-magazin.de/ausgaben/2026/04/openscap/
In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.
-
Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (https://www.linux-magazin.de/ausgaben/2026/04/patch-me-if-you-can/) auch Informationen zum Thema #OpenSCAP beitragen.
👉🏻 https://www.linux-magazin.de/ausgaben/2026/04/openscap/
In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.
-
Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (https://www.linux-magazin.de/ausgaben/2026/04/patch-me-if-you-can/) auch Informationen zum Thema #OpenSCAP beitragen.
👉🏻 https://www.linux-magazin.de/ausgaben/2026/04/openscap/
In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.
-
So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.
You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.
But its due tomorrow, which is what makes it stressful. :P
-
So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.
You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.
But its due tomorrow, which is what makes it stressful. :P
-
So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.
You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.
But its due tomorrow, which is what makes it stressful. :P
-
So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.
You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.
But its due tomorrow, which is what makes it stressful. :P
-
So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.
You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.
But its due tomorrow, which is what makes it stressful. :P
-
I found out that hardening #AlpineLinux with use of industry standard tools (to make high-level #production #security) is quite different like #OpenSCAP doesn't work as expected and I'm figuring it out. I know #RHEL-based #Linux would be better for this purpose, but I'm taking the challenge. :blobcatwitch:
-
I found out that hardening #AlpineLinux with use of industry standard tools (to make high-level #production #security) is quite different like #OpenSCAP doesn't work as expected and I'm figuring it out. I know #RHEL-based #Linux would be better for this purpose, but I'm taking the challenge. :blobcatwitch:
-
I found out that hardening #AlpineLinux with use of industry standard tools (to make high-level #production #security) is quite different like #OpenSCAP doesn't work as expected and I'm figuring it out. I know #RHEL-based #Linux would be better for this purpose, but I'm taking the challenge. :blobcatwitch:
-
Anyone have some experience with #SCAP using something like #OpenSCAP and #ComplianceAsCode?
I'm looking to do some tailoring, both removing and adding rules. E.g. CIS Benchmark L2 Server's have a federal ssh warning. But my institution has it's own. So I'd need to remove that rule from a custom profile but add another one.
-
Cómo instalar y usar OpenSCAP para mejorar la seguridad de Rocky Linux #RockyLinux #Linux #OpenSCAP
https://algoentremanos.com/como-instalar-usar-openscap-rocky-linux/
-
Cómo instalar y usar OpenSCAP para mejorar la seguridad de Rocky Linux #RockyLinux #Linux #OpenSCAP
https://algoentremanos.com/como-instalar-usar-openscap-rocky-linux/
-
Cómo instalar y usar OpenSCAP para mejorar la seguridad de Rocky Linux #RockyLinux #Linux #OpenSCAP
https://algoentremanos.com/como-instalar-usar-openscap-rocky-linux/
-
Cómo instalar y usar OpenSCAP para mejorar la seguridad de Rocky Linux #RockyLinux #Linux #OpenSCAP
https://algoentremanos.com/como-instalar-usar-openscap-rocky-linux/
-
Cómo instalar y usar OpenSCAP para mejorar la seguridad de Rocky Linux #RockyLinux #Linux #OpenSCAP
https://algoentremanos.com/como-instalar-usar-openscap-rocky-linux/
-
-
-
-
-
-
Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.
It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.
I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.
Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.
-
Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.
It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.
I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.
Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.
-
Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.
It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.
I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.
Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.
-
Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.
It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.
I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.
Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.
-
Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.
It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.
I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.
Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.
-
Nouvelle version 6.1 disponible ! Nous avons amélioré nos plugins de sécurité, comme le plugin de gestion des vulnérabilités, et bien d'autres fonctionnalités ! #CVE #CIS #openscap & variables hiérarchisées
👉 Découvrez les toutes : https://www.rudder.io/fr/open-source/telecharger/ -
Nouvelle version 6.1 disponible ! Nous avons amélioré nos plugins de sécurité, comme le plugin de gestion des vulnérabilités, et bien d'autres fonctionnalités ! #CVE #CIS #openscap & variables hiérarchisées
👉 Découvrez les toutes : https://www.rudder.io/fr/open-source/telecharger/ -
If you look for a hardening guide for your linux system, I can recommend "The practical linux hardening Guide" by trimstray.
https://trimstray.github.io/the-practical-linux-hardening-guide/
Why?
1. It's based on SCAP policies.
2. It uses standards
3. It provides you with references and rationals, not just actionsThis will allow you to consider whenever or not you should apply this configuration to your setup.
#linux #security #infosec #OpenSCAP #hardening #centos #Fedora #RHEL