I have written a short blog post summarizing the latest addition to OpenSCAP called `oscap-ssh`.
http://martin.preisler.me/2015/05/scanning-remote-machines-with-openscap/
It allows users to scan remote machines using local files. The result files are transferred back and can be conveniently viewed on the local machine. This is very useful for testing and even auditing of remote machines.
Feedback appreciated! Cross posting to SCAP Security Guide because this might be valuable to content authors.
Martin,
That's pretty amusing. I did a presentation yesterday regarding running distributed OpenSCAP scans with MCollective.
The presentation can be found at https://github.com/onyxpoint/presentation-puppetcamp2015-mco-oscap/blob/mast... .
And the source code is at https://github.com/trevor-vaughan/mcollective-openscap-agent.
Interesting to see two projects pop up almost at the same time.
I might have to steal your policy push idea. I had thought about it but decided to go with straight SSG support.
Thanks,
Trevor
On Wed, May 13, 2015 at 9:21 AM, Martin Preisler mpreisle@redhat.com wrote:
I have written a short blog post summarizing the latest addition to OpenSCAP called `oscap-ssh`.
http://martin.preisler.me/2015/05/scanning-remote-machines-with-openscap/
It allows users to scan remote machines using local files. The result files are transferred back and can be conveniently viewed on the local machine. This is very useful for testing and even auditing of remote machines.
Feedback appreciated! Cross posting to SCAP Security Guide because this might be valuable to content authors.
-- Martin Preisler Security Technologies | Red Hat, Inc. -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
Trevor & Martin, Thanks for sharing.
On Wed, May 13, 2015 at 6:57 PM, Trevor Vaughan tvaughan@onyxpoint.com wrote:
Martin,
That's pretty amusing. I did a presentation yesterday regarding running distributed OpenSCAP scans with MCollective.
The presentation can be found at https://github.com/onyxpoint/presentation-puppetcamp2015-mco-oscap/blob/mast... .
And the source code is at https://github.com/trevor-vaughan/mcollective-openscap-agent.
Interesting to see two projects pop up almost at the same time.
I might have to steal your policy push idea. I had thought about it but decided to go with straight SSG support.
Thanks,
Trevor
On Wed, May 13, 2015 at 9:21 AM, Martin Preisler mpreisle@redhat.com wrote:
I have written a short blog post summarizing the latest addition to OpenSCAP called `oscap-ssh`.
http://martin.preisler.me/2015/05/scanning-remote-machines-with-openscap/
It allows users to scan remote machines using local files. The result files are transferred back and can be conveniently viewed on the local machine. This is very useful for testing and even auditing of remote machines.
Feedback appreciated! Cross posting to SCAP Security Guide because this might be valuable to content authors.
-- Martin Preisler Security Technologies | Red Hat, Inc. -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaughan@onyxpoint.com
-- This account not approved for unencrypted proprietary information --
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
----- Original Message -----
From: "Trevor Vaughan" tvaughan@onyxpoint.com To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Cc: "open-scap-list" open-scap-list@redhat.com Sent: Thursday, May 14, 2015 3:57:00 AM Subject: Re: Scanning remote machines with OpenSCAP
Martin,
That's pretty amusing. I did a presentation yesterday regarding running distributed OpenSCAP scans with MCollective.
Heh, funny coincidence.
The presentation can be found at https://github.com/onyxpoint/presentation-puppetcamp2015-mco-oscap/blob/mast...
Nice presentation! I think your solution is related to oscap-ssh but the target audience is entirely different. Evaluating an infrastructure is out of scope for oscap-ssh.
I might have to steal your policy push idea. I had thought about it but decided to go with straight SSG support.
Feel free :-) I like some ideas from your presentation so I will steal those in return ;-)
scap-security-guide@lists.fedorahosted.org
-
Martin Preisler -
Purush Gupta -
Trevor Vaughan