A comprehensive set of security configuration settings (security controls) expressed in a standardized format. Each security control can be evaluated by a small shell script that is executed via SCE.
- Education - we want to map as many security configuration settings as possible. The final checklist is helpful for users who want to secure or harden their boxes.
- Security profiles - we encourage users to group security controls and create custom security profiles that can be enforced on their infrastructure by any tool that supports SCE content (openscap, scap-workbench, jOVAL, spacewalk).
- Release testing - we deliver a security profile tailored to the default Fedora configuration. Tests against this profile are performed periodically.
Example: scan your machine with all included checks:

    # oscap xccdf eval all-xccdf.xml

For more detailed instructions, see How to scan your system.
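As an added illustration of what a shell check run via SCE looks like (this is not one of the project's own scripts): SCE passes the XCCDF result codes to the script as `XCCDF_RESULT_*` environment variables, and the script reports its verdict through its exit status. The control chosen, the function name `check_permit_root_login` and the single-file parsing are assumptions made for the example.

```shell
#!/bin/sh
# Added example of an SCE-style check; not taken from the project's content.
# Remember whether SCE invoked us before filling in fallback result codes.
under_sce=${XCCDF_RESULT_PASS:+yes}
# Fallbacks so the function can also be exercised outside oscap.
: "${XCCDF_RESULT_PASS:=101}" "${XCCDF_RESULT_FAIL:=102}" "${XCCDF_RESULT_ERROR:=103}"

# Control: sshd must not allow direct root logins.
# $1 = path to an sshd_config file.
# Assumptions: one file, "Keyword value" syntax, no Include or Match handling,
# and an unset keyword counts as a failure because an explicit "no" is required.
check_permit_root_login() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return "$XCCDF_RESULT_ERROR"
    fi
    # sshd honours the first occurrence of a keyword; keywords are
    # case-insensitive. Commented-out lines never match because "#" is part
    # of the first field.
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$conf")
    case $value in
        no) return "$XCCDF_RESULT_PASS" ;;
        "") echo "PermitRootLogin is not set explicitly in $conf"
            return "$XCCDF_RESULT_FAIL" ;;
        *)  echo "PermitRootLogin is '$value' in $conf"
            return "$XCCDF_RESULT_FAIL" ;;
    esac
}

# When run by SCE, evaluate the live configuration and exit with the result code.
if [ "$under_sce" = yes ]; then
    rc=0
    check_permit_root_login /etc/ssh/sshd_config || rc=$?
    exit "$rc"
fi
```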
(no releases yet)
We welcome contributions! For more details see Contribute.
Not intended for official audits or lockdown enforcement!
If you want to secure a workstation or server and make sure it is compliant with some official checklist, then this is not the tool for the job!
Even though we have checks for recommendations (e.g. STIG), these are not official. There is no guarantee that the checks are 100% correct and there is no guarantee that we have all of them (in the STIG case we don't).