scap-workbench for Debian ------------------------- Introduction ============ scap-workbench is a tool that can open XCCDF [1] or SDS [2] files and allows the user to evaluate either local or remote machine using the content in the opened file. Make sure you read the manual ! /usr/share/doc/scap-workbench/user_manual.html Also, the author has interesting blog entries: "introduce the concept of XCCDF tailoring": http://martin.preisler.me/2013/11/xccdf-tailoring/ Introduction to SCAP datastreams with openscap http://martin.preisler.me/2012/12/introduction-to-scap-datastreams-with-openscap/ 1. The Extensible Configuration Checklist Description Format 2. Source DataStream Quickstart ========== At the time of writing, there's no SCAP checklist (XCCDF) written specifically for Debian and/or it's derivatives. In scap-workbench "File Open" popup, you can select a sample file provided by open-scap or specify it on the command line : $ scap-workbench /usr/share/openscap/scap-fedora14-xccdf.xml SCAP Guides =========== Some current checklists for Linux: scap-security-guide - currently provide content for Red Hat Enterprise Linux 6 (RHEL6) and JBoss Homepage: https://www.open-scap.org/security-policies/scap-security-guide/ sce-community-content - The target platform is a GNU/Linux distribution. seems unmaintained since August 2013. Homepage: https://github.com/OpenSCAP/sce-community-content [FIXME: see also CIS, DISA/STIG, USGCB...] -- Frank Lin PIAT Sun, 02 Jun 2017 15:36:07 +0200