OpenSCAP — Ensuring Information Security Compliance

by | Dec 21, 2024 | Articles

Introduction

OpenSCAP is an essential tool for auditing, vulnerability management and compliance management in information security.

Cybersecurity and compliance with security standards are crucial aspects of system and network administration and management. OpenSCAP is a powerful open source tool designed to assess and ensure compliance of systems with predefined security standards. By automating assessment and auditing processes, OpenSCAP facilitates the identification and remediation of vulnerabilities, contributing significantly to the robustness of information security.

What is OpenSCAP?

OpenSCAP is an acronym for Open Security Content Automation Protocol. It uses the SCAP protocol, a standard developed by the National Institute of Standards and Technology (NIST) to automate vulnerability management and security compliance. It provides a set of tools and libraries that allow you to check a system for compliance with predefined security policies, as well as identify known vulnerabilities. OpenSCAP allows you to:

  • Check compliance: Assess whether a system complies with a specific security standard, such as the CIS Benchmark or the DISA STIG.
  • Identify vulnerabilities: Detect vulnerabilities in operating systems, applications, and configurations.
  • Generate detailed reports: Produce customized reports that facilitate the analysis and communication of assessment results.

 

How does OpenSCAP work?

OpenSCAP uses a model based on security content (SCAP content) that describes the desired security configurations and the vulnerabilities to be avoided. This content is expressed in a standard format, the Extensible Configuration Checklist Description Format (XCCDF), which allows the creation of flexible and customizable security checklists.

When running an analysis with OpenSCAP, the tool compares the current state of the system with the defined security content. The differences found are presented in a detailed report, indicating which configurations are out of the standard and which vulnerabilities were identified.

 

Features

  1. Compliance Assessment: OpenSCAP allows system administrators to assess the compliance of their systems with various security policies, such as the CIS (Center for Internet Security) guidelines and NIST benchmarks.
  2. Vulnerability Scanning: Using OVAL (Open Vulnerability and Assessment Language) definitions, OpenSCAP can identify known vulnerabilities in systems and applications.
  3. Reporting: After running scans and assessments, OpenSCAP generates detailed reports that help administrators understand the compliance and security status of their systems.
  4. Automation and Integration: OpenSCAP can be easily integrated into scripts and automation tools, allowing for regular and automatic audits.

Benefits of OpenSCAP

  • Automation: Eliminates the need for manual assessments, saving time and resources.
  • Standardization: Ensures that systems are configured according to established security standards.
  • Improved security posture: Identifies and fixes vulnerabilities before they are exploited by attackers.
  • Ease of use: It has an intuitive interface and can be integrated with other systems management tools.
  • Proactive Vulnerability Identification: Assists in the early identification of vulnerabilities, allowing for remediation before they can be exploited by attackers.
  • Comprehensive Reporting: Provides detailed reports that help document compliance and identify areas for improvement.
  • Active community: It has a robust community of developers and users, ensuring continuous development and support for the tool.

 

OpenSCAP Applications

  • Regulatory Compliance: Ensures compliance with safety requirements established by laws and regulations.
  • Risk management: Allows you to proactively identify and mitigate security risks.
  • System hardening: Helps in the secure configuration of operating systems and applications.
  • Flexibility and Customization: Allows the creation of customized security profiles to meet the specific needs of different organizations.
  • Security Audit: Generates detailed reports to demonstrate compliance with security standards.

Let’s Practice:

Step 1: Update Ubuntu 20.04 Operating System Packages

First, update your system packages to make sure everything is up to date:

sudo apt update -y && sudo apt upgrade -y

Step 2: Install OpenSCAP

Then install OpenSCAP and its dependencies:

sudo apt install openscap-scanner openscap-utils

or

sudo apt install libopenscap8 -y

Step 3: Verify Installation

Verify that OpenSCAP has been installed correctly:

oscap --version

Step 4: Download OVAL Definitions

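Download the OVAL (Open Vulnerability and Assessment Language) definitions from the official Ubuntu website. The file name contains the codename of the Ubuntu release it describes (xenial in the commands below), so use the file that matches the release of the system being scanned: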

wget https://security-metadata.canonical.com/oval/com.ubuntu.xenial.cve.oval.xml

or

You can also download the latest version of the SCAP Security Guide (SSG):

# Download the latest SCAP Security Guide

sudo mkdir -p /usr/share/xml/scap/ssg/content

cd /usr/share/xml/scap/ssg/content

sudo wget https://github.com/ComplianceAsCode/content/releases/download/v0.1.69/scap-security-guide-0.1.69.zip

Unzip the SSG file, then go to the SSG directory and list its contents:

# Unzip the SCAP Security Guide

sudo unzip scap-security-guide-0.1.69.zip

cd scap-security-guide-0.1.69/

ls

For security settings specific to a use case, you can view the profiles available in the ssg-ubuntu2004-ds-1.2.xml data stream file using the following command:

# Display a list of available profiles

oscap info ssg-ubuntu2004-ds-1.2.xml

Step 5: Run the Assessment

Run the system assessment using the downloaded OVAL definitions:

oscap oval eval --results /tmp/oscap_results.xml --report /tmp/oscap_report.html com.ubuntu.xenial.cve.oval.xml

Step 6: View the Report

Copy the generated HTML report to the /var/www/html directory to view it in a browser (this assumes a web server is already serving that directory):

sudo cp /tmp/oscap_report.html /var/www/html

Step 7: Access the Report

Access the report through the browser by typing the URL of your server. The report lists the vulnerabilities found on the host, so limit who can reach this URL:

http://your-ip-address/oscap_report.html

This should provide a detailed report on your system’s compliance and any vulnerabilities found.

 

Example of the report:

Generated reports can be viewed in a browser, providing detailed insight into vulnerabilities and compliance status.
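
Step 5 also writes machine-readable results to /tmp/oscap_results.xml, which is easier to feed into scripts than the HTML report. The following added example (not part of the original article) counts vulnerability definitions per result and lists those that evaluated true; the embedded sample document, its IDs and titles are constructed, and the function name summarize is an assumption.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"res": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample in the OVAL results layout; IDs and titles are placeholders.
SAMPLE_RESULTS = """\
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:ex:def:1" class="vulnerability"><metadata><title>EXAMPLE-0001</title></metadata></definition>
      <definition id="oval:ex:def:2" class="vulnerability"><metadata><title>EXAMPLE-0002</title></metadata></definition>
      <definition id="oval:ex:def:3" class="vulnerability"><metadata><title>EXAMPLE-0003</title></metadata></definition>
      <definition id="oval:ex:def:9" class="inventory"><metadata><title>Platform check</title></metadata></definition>
    </definitions>
  </oval_definitions>
  <results><system><definitions>
    <definition definition_id="oval:ex:def:1" result="true" version="1"/>
    <definition definition_id="oval:ex:def:2" result="false" version="1"/>
    <definition definition_id="oval:ex:def:3" result="error" version="1"/>
    <definition definition_id="oval:ex:def:9" result="true" version="1"/>
  </definitions></system></results>
</oval_results>"""

def summarize(xml_text):
    """Return (result counts, sorted (id, title) pairs that evaluated true)."""
    root = ET.fromstring(xml_text)
    # Titles of vulnerability-class definitions only; inventory checks are skipped.
    titles = {d.get("id"): d.findtext("def:metadata/def:title", "", NS)
              for d in root.iterfind(
                  "def:oval_definitions/def:definitions/def:definition", NS)
              if d.get("class") == "vulnerability"}
    counts, findings = Counter(), []
    for r in root.iterfind(
            "res:results/res:system/res:definitions/res:definition", NS):
        def_id, result = r.get("definition_id"), r.get("result")
        if def_id in titles:
            counts[result] += 1
            if result == "true":  # true = the vulnerable state was detected
                findings.append((def_id, titles[def_id]))
    return dict(counts), sorted(findings)

if __name__ == "__main__":  # usage: python3 oval_summary.py /tmp/oscap_results.xml
    path = sys.argv[1:]
    xml_text = open(path[0], "rb").read() if path else SAMPLE_RESULTS
    print(summarize(xml_text))
```

Results other than true or false (such as error or unknown) mean a check did not complete, so a host showing them should not be read as clean.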

 

To run OpenSCAP assessments on other servers remotely

You can use ssh or other automation tools such as Ansible. In this case I used ssh to access the servers and execute the necessary commands. Here is the step by step:

Step 1: Configure SSH Access

Ensure you have SSH access to the remote servers. If necessary, set up SSH keys for passwordless login.

Step 2: Install OpenSCAP on Remote Servers

Run the OpenSCAP installation commands on each remote server via SSH. For example:

ssh user@remote-server 'sudo apt install libopenscap8 -y'

Step 3: Download OVAL Definitions

Make sure that the OVAL definitions are available on the remote servers. You can copy them using scp:

scp com.ubuntu.xenial.cve.oval.xml user@remote-server:/tmp/

Step 4: Retrieve the Report

Once the assessment has been run on the remote server, copy the generated report back to your local system using scp:

scp user@remote-server:/tmp/oscap_report.html /home/OpenScap/

To do this automatically, create a .sh file:

vim OpenScap.sh

Add the following:

#!/bin/bash

# Servers to assess
SERVERS=("server1" "server2" "server3")

# Path to OVAL definitions file
OVAL_DEFINITIONS="/path/to/definitions/com.ubuntu.xenial.cve.oval.xml"

for SERVER in "${SERVERS[@]}"; do
    # Install OpenSCAP on the remote server
    ssh "user@$SERVER" "sudo apt install libopenscap8 -y"

    # Copy the OVAL definitions to the remote server
    scp "$OVAL_DEFINITIONS" "user@$SERVER:/tmp/"

    # Run the assessment on the remote server
    ssh "user@$SERVER" "oscap oval eval --results /tmp/oscap_results.xml --report /tmp/oscap_report.html /tmp/com.ubuntu.xenial.cve.oval.xml"

    # Retrieve the report, one file per server
    scp "user@$SERVER:/tmp/oscap_report.html" "/opt/OpenScap/$SERVER-oscap_report.html"
done

Make the script executable and run it:

chmod +x OpenScap.sh

./OpenScap.sh

The assessment is then carried out automatically on each server in the list.

Conclusion

OpenSCAP is an indispensable tool for system administrators looking to ensure the security and compliance of their environments. Its ability to automate security audits, identify vulnerabilities, and generate detailed reports makes it a powerful and efficient solution for cybersecurity management. OpenSCAP is an essential tool for any organization looking to ensure the security of its systems.

To learn more about OpenSCAP, visit the official website: https://www.open-scap.org/

This article is written by Geovane da Costa Oliveira
