OpenSCAP Part 3: Running Scans from the Command Line in RHEL 7

Introduction

In part 1 of this series we were introduced to OpenSCAP and the process of running scans via the SCAP workbench. In part 2, we explored concepts and components that define security/vulnerability scans. In this 3rd post we are going to dive into the command line operation.

Let’s get started with oscap.

Installing oscap

In RHEL 7, oscap can be installed with the following command:

# yum -y install scap-security-guide openscap-scanner

Content is installed under the following directory. Note that ssg is short for SCAP Security Guide.

/usr/share/xml/scap/ssg/content

Let’s change directories to the one listed above and view the installed files.

Using oscap we can view more info on each file shown above. In this example we are going to inspect the ssg-rhel7-ds.xml file.

# oscap info ssg-rhel7-ds.xml

RHEL6 – Common Postfix Server Roles

If you are anything like me you would rather not have anything to do with Sendmail or Postfix; unfortunately, however, it can be required learning in some circles. That being said, this is my second Postfix post in what I call my “Postfix: Nasty!” series. The first one can be read here, and I will be the first to admit that it’s not very good. However, I chalk this up to the fact that I really don’t know much about Postfix at all and I’m writing these posts as part of the process of figuring out how to do what with Postfix.

Specifically this post outlines and defines the standard roles that a postfix server can serve. Below are three common roles and their characteristics. You should get to know each of these and how to configure them.

Null Client:

  • Only runs Postfix as a local MTA (mail transfer agent… think sendmail and postfix) for the purpose of forwarding to a centralized mail server
  • Does not accept local delivery

Inbound-Only Mail Server:

  • Handles all inbound mail for a site
  • Passes inbound email to an MDA (mail delivery agent) such as Dovecot or Procmail
  • Forwards outbound mail to a centralized mail server, just like a Null Client does

Outbound Mail Relay:

  • Also called a Smarthost
  • Accepts outbound messages
  • Should be configured to forward mail for authorized clients only. Avoid being an Open Relay
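
The role characteristics above can be checked against a server's configuration. The following is an added example, not code from the original post: it reads `postconf -n` style output and reports whether the host looks like a Null Client and whether it would relay for any client. It assumes the standard Postfix parameters inet_interfaces, mydestination, relayhost and mynetworks, which the post itself does not name; the sample configurations, hostnames and networks are constructed.

```python
import ipaddress

# Constructed `postconf -n` style samples; hostnames and networks are invented.
NULL_CLIENT = """\
inet_interfaces = loopback-only
mydestination =
relayhost = [mail.example.com]
"""
SMARTHOST = """\
inet_interfaces = all
mydestination = $myhostname, localhost
mynetworks = 127.0.0.0/8, 192.168.10.0/24
"""
OPEN_RELAY = SMARTHOST.replace("192.168.10.0/24", "0.0.0.0/0")

LOOPBACK = ("loopback-only", "localhost", "127.0.0.1")

def parse_postconf(text):
    """Turn `name = value` lines into a dict, skipping comments."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, _, value = line.partition("=")
            conf[name.strip()] = value.strip()
    return conf

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()

def trusts_everyone(conf):
    """True when mynetworks holds a /0 network, i.e. every client may relay."""
    for entry in split_list(conf.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not evaluated here
        if net.prefixlen == 0:
            return True
    return False

def audit(text):
    conf = parse_postconf(text)
    exposed = conf.get("inet_interfaces", "all") not in LOOPBACK
    # Assumption: a key absent from the dump keeps Postfix's non-empty default.
    local_delivery = bool(split_list(conf.get("mydestination", "$myhostname")))
    null_client = not exposed and not local_delivery and bool(conf.get("relayhost"))
    return {"null_client": null_client, "open_relay": exposed and trusts_everyone(conf)}

if __name__ == "__main__":
    for name in ("NULL_CLIENT", "SMARTHOST", "OPEN_RELAY"):
        print(name, audit(globals()[name]))
```

On a real host, pass the output of `postconf -n` to `audit()`; a mynetworks value that points at a lookup table is skipped by this check and needs to be reviewed by hand.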