home.social

#openscap — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #openscap, aggregated by home.social.

  1. Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (linux-magazin.de/ausgaben/2026) auch Informationen zum Thema #OpenSCAP beitragen.

    👉🏻 linux-magazin.de/ausgaben/2026

    In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.

    #Linux #Security

  2. Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (linux-magazin.de/ausgaben/2026) auch Informationen zum Thema #OpenSCAP beitragen.

    👉🏻 linux-magazin.de/ausgaben/2026

    In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.

    #Linux #Security

  3. Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (linux-magazin.de/ausgaben/2026) auch Informationen zum Thema #OpenSCAP beitragen.

    👉🏻 linux-magazin.de/ausgaben/2026

    In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.

    #Linux #Security

  4. Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (linux-magazin.de/ausgaben/2026) auch Informationen zum Thema #OpenSCAP beitragen.

    👉🏻 linux-magazin.de/ausgaben/2026

    In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.

    #Linux #Security

  5. Zum aktuellen Linux-Magazin 04/26 durfte ich neben dem zweiten Artikel über Patch-Management mit #Uyuni (linux-magazin.de/ausgaben/2026) auch Informationen zum Thema #OpenSCAP beitragen.

    👉🏻 linux-magazin.de/ausgaben/2026

    In diesem Artikel werden die Grundlagen des Frameworks erklärt - anhand von Praxisbeispielen wird das Auditieren und automatische Abhärten geschildert.

    #Linux #Security

  6. So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.

    You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.

    But its due tomorrow, which is what makes it stressful. :P

    #redhat #rhel #bootc #linux #openscap #compliance

  7. So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.

    You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.

    But its due tomorrow, which is what makes it stressful. :P

    #redhat #rhel #bootc #linux #openscap #compliance

  8. So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.

    You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.

    But its due tomorrow, which is what makes it stressful. :P

    #redhat #rhel #bootc #linux #openscap #compliance

  9. So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.

    You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.

    But its due tomorrow, which is what makes it stressful. :P

    #redhat #rhel #bootc #linux #openscap #compliance

  10. So. one of the things that I am busy with, is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.

    You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS, thats configured to your compliance profile. Pretty cool.

    But its due tomorrow, which is what makes it stressful. :P

    #redhat #rhel #bootc #linux #openscap #compliance

  11. I found out that hardening #AlpineLinux with use of industry standard tools (to make high-level #production #security) is quite different like #OpenSCAP doesn't work as expected and I'm figuring it out. I know #RHEL-based #Linux would be better for this purpose, but I'm taking the challenge. :blobcatwitch:

  12. I found out that hardening #AlpineLinux with use of industry standard tools (to make high-level #production #security) is quite different like #OpenSCAP doesn't work as expected and I'm figuring it out. I know #RHEL-based #Linux would be better for this purpose, but I'm taking the challenge. :blobcatwitch:

  13. I found out that hardening #AlpineLinux with use of industry standard tools (to make high-level #production #security) is quite different like #OpenSCAP doesn't work as expected and I'm figuring it out. I know #RHEL-based #Linux would be better for this purpose, but I'm taking the challenge. :blobcatwitch:

  14. Anyone have some experience with #SCAP using something like #OpenSCAP and #ComplianceAsCode?

    I'm looking to do some tailoring, both removing and adding rules. E.g. CIS Benchmark L2 Server's have a federal ssh warning. But my institution has it's own. So I'd need to remove that rule from a custom profile but add another one.

  15. @zhenech First thought you were talking about #OpenSCAP and became a little worried.

  16. @zhenech First thought you were talking about #OpenSCAP and became a little worried.

  17. @zhenech First thought you were talking about #OpenSCAP and became a little worried.

  18. @zhenech First thought you were talking about #OpenSCAP and became a little worried.

  19. @zhenech First thought you were talking about #OpenSCAP and became a little worried.

  20. Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.

    It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.

    I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.

    Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.

  21. Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.

    It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.

    I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.

    Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.

  22. Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.

    It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.

    I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.

    Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.

  23. Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.

    It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.

    I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.

    Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.

  24. Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.

    It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.

    I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.

    Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.

  25. Nouvelle version 6.1 disponible ! Nous avons amélioré nos plugins de sécurité, comme le plugin de gestion des vulnérabilités, et bien d'autres fonctionnalités ! #CVE #CIS #openscap & variables hiérarchisées
    👉 Découvrez les toutes : rudder.io/fr/open-source/telec

  26. Nouvelle version 6.1 disponible ! Nous avons amélioré nos plugins de sécurité, comme le plugin de gestion des vulnérabilités, et bien d'autres fonctionnalités ! #CVE #CIS #openscap & variables hiérarchisées
    👉 Découvrez les toutes : rudder.io/fr/open-source/telec

  27. If you look for a hardening guide for your linux system, I can recommend "The practical linux hardening Guide" by trimstray.

    trimstray.github.io/the-practi

    Why?

    1. It's based on SCAP policies.
    2. It uses standards
    3. It provides you with references and rationals, not just actions

    This will allow you to consider whenever or not you should apply this configuration to your setup.

    #linux #security #infosec #OpenSCAP #hardening #centos #Fedora #RHEL