xccdf

Recently I had a chance to work with OpenSCAP. It’s a set of free and open-source tools for Linux Configuration Assessment and a collection security content in SCAP (Security Content Automation Protocol) format.

In this post I will write about SCAP Workbench. It is a GUI application that can check the configuration of your local Linux host (or the remote host via ssh; note that agent installation is required), and show the settings that are not comply with some security standard, for example PCI DSS or DISA STIG.

Moreover, you can generate the script for automated remediation. You can also create your own scan profiles based on existing SCAP content.

Continue reading →

ComplianceChecker is a free Compliance Management tool made by Altx-Soft, a security product company from Moscow Region, Russia. Altx-Soft is known abroad mainly as a Top OVAL Contributor, they have been on award-list every quarter since 2012. Their flagman product, RedCheck, is a SCAP-compatible vulnerability and compliance scanner. They also produce family of “Check”-products for controlling and managing Windows operating systems.

Altx-Soft ComplianceChecker scanning results

ComplianceChecker is a promo product for the potential RedCheck buyers. It similar to RedCheck with the most management features cutted off. It can scan only the localhost.

ComplianceChecker is positioned mainly as an utility for SOHO/Home users and it’s not a secret, that on this market Compliance Management solutions are still an exotic. How could they attract the attention of an ordinary people? Altx-Soft took the hottest security topic of 2014-2015 – cryplockers and ransomware, that nowadays are the real threat for literally all kind of platform and especially Windows desktops. Altx-Soft tried to spread the message, that the best way to protect operating system from this kind of malware is to configure it properly. And it’s hard to disagree. So, they made a tool for the security assessment – ComplianceChecker, and made some other tools configure to operating systems (free for RedCheck users). Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: xccdf

Assessing Linux Security Configurations with SCAP Workbench

Altx-Soft ComplianceCheck against cryptolockers and ransomware