• Certification Exams of Oracle Initialization scripts Oracle and Linux Oracle Certifications

    Validating adherence to a compliance policy – Keeping the Data Safe – Securing a System

    Ashley Grace Posted on

    Validating adherence to a compliance policy


    Securing systems is much more than encrypting data at rest or in motion. Many configuration files should be checked, along with other common security settings. This can be done automatically using Security Content Automation Protocol (SCAP) files. SCAP is a standardized framework that is used to automate the process of maintaining the security of computer systems. It is a suite of specifications that provide a standardized approach to security automation, enabling organizations to implement consistent and repeatable security practices across their IT infrastructure.
    SCAP defines a common language for communicating security-related information, which allows security tools and products from different vendors to work together seamlessly. It includes a set of standards and guidelines for creating and sharing security content, such as vulnerability data, security checklists, and configuration baselines. Some of the key components of SCAP include the Common Vulnerabilities and Exposures (CVE) database, which is used to identify and track known security vulnerabilities, and the Common Configuration Enumeration (CCE) database, which provides a standardized method for identifying configuration settings that are relevant to security.
    The easiest way to do this is to use a tool called OpenSCAP, which comes with Oracle Linux.


    Getting ready
    As with the other test, we will need an Oracle Linux system to play with. Nothing else is required other than the ability for the system to access a dnf repository to install additional packages.


    How to do it…
    The first step is to install OpenSCAP, usually by installing the entire suite of tools:
    • scap-workbench: A GUI
    • openscap-scanner: Scans systems
    • openscap: The OpenSCAP core
    • openscap-utils: Several command-line tools for scanning systems and containers
    • scap-security-guide: Commonly used SCAP files
    This is done via dnf with the following command:

    dnf install -y scap-workbench

    Once OpenSCAP is installed, you have two ways to run the tool: via a GUI or by using the command line. To start the GUI, run scap-workbench. This launches an easy-to-use GUI that will let you run scans.
    NOTE
    If you install scap-workbench and X11 is not installed, dnf will install it. If you are not using X11 on your servers, consider installing the scap-workbench on a WSL Oracle Linux system or a system with X11. You can also install SCAP Workbench on a Windows desktop. Downloads for Windows can be found on the Open SCAP website, https://www.open-scap.org/.


    How it works…
    While many users run the GUI, you can also use a command line.
    When the GUI Launches, you need to pick the type of systems you wish to scan. Here, OL8 is being used:

    Figure 9.10 – Workbench launch
    Next, select the profile you wish to use for the scan. The profile is the standard that you are comparing to. You must pick one of the profiles to continue:

    Figure 9.11 – SCAP profiles

    LEAVE A RESPONSE

    Your email address will not be published. Required fields are marked *

    Ashley Grace
    View all posts

    You Might Also Like



    Powered by keiarra.com