Auditing Security Policy with OpenSCAP

Throughout the two chapters that preceded this one, we established the value of applying a security policy such as the CIS Benchmark to your Enterprise Linux infrastructure. We have discussed a variety of methods for both applying it and ensuring it remains enforced; the latter point is especially important in an infrastructure where a wide array of people have superuser access to your Linux servers. Although we have established ways that both shell scripting and Ansible can assist with auditing the compliance of your infrastructure with your chosen security policy, we have also established that neither of these is particularly suited to providing readable and actionable reports on a large infrastructure. For example, it is entirely reasonable that an infrastructure security team might want a readable report showing the compliance of the infrastructure with the security policy, and neither shell scripting nor Ansible immediately lends itself to this task.

Although there is a wide variety of infrastructure scanning tools available on the market, most of these are commercial, and the focus of this book is on open source solutions that are accessible to any enterprise, regardless of its budget. Hence, in this chapter, we will consider the freely available OpenSCAP tool. SCAP stands for Security Content Automation Protocol, and it is a standardized solution for checking a Linux infrastructure for compliance against a given security policy (in our case, CIS). OpenSCAP is an open source implementation of SCAP that has been widely adopted by Enterprise Linux vendors, including Red Hat. We will explore the process for setting up your own OpenSCAP infrastructure for compliance scanning and reporting. This, in turn, will enable all teams with a vested interest in infrastructure security to get oversight of the levels of compliance.

Specifically, we will cover the following topics in this chapter:

  • Installing your OpenSCAP server
  • Evaluating and selecting policies
  • Scanning the enterprise with OpenSCAP
  • Interpreting results