Scanning remote machines with OpenSCAP
Introduction oscap-ssh has recently been merged into OpenSCAP 1.2.x and is available in the OpenSCAP 1.2.3 release, see https://github.com/OpenSCAP/openscap/pull/69. This new tool enables painless...
View ArticleCustomizing HTML reports and guides in OpenSCAP 1.1.0 and higher
Introduction OpenSCAP 1.1.0 introduced brand new HTML5 report and guide styles. These were a result of an almost complete rewrite of all the XSLT code. See openscap HTML report redesign for more info....
View ArticleOpenCL Cryptographic Library
I have successfully defended my Master Thesis at the Faculty of Informatics of Masaryk University in Brno. This page shall serve as a permalink for the thesis. Thesis PDF: OpenCL Cryptographic Library...
View ArticleClik here to view.
SCAP Security Guide now has an HTML guide for each profile
In the past the SCAP Security Guide project built one or just a few HTML guides for some chosen profiles. The build system also used a special profile called allrules which is no longer supported since...
View ArticleEvaluate Virtual Machines for SCAP Compliance
Recently I have been working on oscap-vm — a script that allows SCAP evaluation of virtual machines and virtual machine storage images. In a way it is similar to the other OpenSCAP wrapper utilities —...
View ArticleClik here to view.
atomic scan and openscap-daemon
I would like to thank Brent Baude, Zbynek Moravec, Simon Lukasik, Dan Walsh and others who contributed to this feature! Introduction Containers are a very big topic today, almost all businesses are...
View ArticleClik here to view.
Combine SCAP tailoring file and datastream into a single file
Many users customize their SCAP content before use. Usually they use SCAP Workbench. When they are done they end up with the original source datastream and a customization file. If they are scanning...
View ArticleClik here to view.
OpenSCAP XSLT performance improvements for faster SSG builds
As I contribute more and more patches to SCAP Security Guide I got increasingly frustrated with the build speeds. A full SSG build with make -j 4 took 2m21.061s and that’s without any XML validation...
View ArticleClik here to view.
Contributing to SCAP Security Guide – part 1
When everything is built SCAP Security Guide (or SSG) is a bunch of SCAP files – source datastream, XCCDF, OVAL, OCIL, CPE dictionary and other files. But these files are huge and hard to work on. So...
View ArticleClik here to view.
Status of Ansible remediations in SCAP Security Guide
Very quick intro into SSG SCAP Security Guide (or SSG for short) is the open source project to check out if you are interested in security policies. They provide fully automated SCAP content for...
View Article