Search

Chapter 2. Security Content Automation Protocol

download PDF

Satellite uses the Security Content Automation Protocol (SCAP) standard to define security policies.

SCAP is a framework of several specifications based on XML, such as checklists described in the Extensible Checklist Configuration Description Format (XCCDF) and vulnerabilities described in the Open Vulnerability and Assessment Language (OVAL). These specifications are encapsulated as data stream files.

Checklist items in XCCDF, also known as rules, express the desired configuration of a system item. For example, a rule may specify that no one can log in to a host over SSH using the root user account. Rules can be grouped into one or more XCCDF profiles, which allows multiple profiles to share a rule.

The OpenSCAP scanner tool evaluates system items on a host against the rules and generates a report in the Asset Reporting Format (ARF), which is then returned to Satellite for monitoring and analysis.

Table 2.1. Specifications in the SCAP Framework 1.3 supported by the OpenSCAP scanner

Title

Description

Version

SCAP

Security Content Automation Protocol

1.3

XCCDF

Extensible Configuration Checklist Description Format

1.2

OVAL

Open Vulnerability and Assessment Language

5.11

-

Asset Identification

1.1

ARF

Asset Reporting Format

1.1

CCE

Common Configuration Enumeration

5.0

CPE

Common Platform Enumeration

2.3

CVE

Common Vulnerabilities and Exposures

2.0

CVSS

Common Vulnerability Scoring System

2.0

Additional resources

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.