Such lovely news, post holiday ...

I suppose with #MITRE being on life support and #OpenSCAP being a dependent of same, I guess I now have to start earnest work in in finding a cross distribution Threat Intelligence solution . . apparently I've 11 months to do this in, and as usual FA budget.

Degradation is likely to be faster than first anticipated, as the funding thins out to *Nothing* rather rapidly, the funding vultures, and newly promoted, post cut Shite Hawks work their magic.

At first blush, one hopes EUVD can emit OVAL files . . an investigatory task for tomorrow, after Mail Mountain is scaled.

#Infosec #Security #TangerinePalpatine #Muskovite

Cómo instalar y usar OpenSCAP para mejorar la seguridad de Rocky Linux #RockyLinux #Linux #OpenSCAP

https://algoentremanos.com/como-instalar-usar-openscap-rocky-linux/

Strengthening #Linux Security by Auditing with #OpenSCAP

http://lxer.com/module/newswire/ext_link.php?rid=340247

@zhenech First thought you were talking about #OpenSCAP and became a little worried.

Oh! It's been a while since I commented on #RedHat #ImageBuilder / #osbuild :D Let's correct that.

It's absolute awesome how you can set an #OpenSCAP profile directly in the blueprint. It's also completely useless :) It always performs both an evaluation and remediation step, with no option to turn the remediation off, or to supply a tailored profile with added or excluded tests.

I can't imagine many images being built that don't have some form of post-processing, so running remediation beforehand is either just unwanted or worse, changes things that shouldn't be changed.

Now, I do really mean that the intention is awesome. I just think there weren't too many actual users offering input :) So, this is mine - please take it as constructive criticism.

Nouvelle version 6.1 disponible ! Nous avons amélioré nos plugins de sécurité, comme le plugin de gestion des vulnérabilités, et bien d'autres fonctionnalités ! #CVE #CIS #openscap & variables hiérarchisées
👉 Découvrez les toutes : https://www.rudder.io/fr/open-source/telecharger/

If you look for a hardening guide for your linux system, I can recommend "The practical linux hardening Guide" by trimstray.

https://trimstray.github.io/the-practical-linux-hardening-guide/

Why?

1. It's based on SCAP policies.
2. It uses standards
3. It provides you with references and rationals, not just actions

This will allow you to consider whenever or not you should apply this configuration to your setup.

#linux #security #infosec #OpenSCAP #hardening #centos #Fedora #RHEL

Openscap scanning example https://peertube.maly.io/videos/watch/d34439ea-4e1e-4dde-af20-d265f27649e7