SCAP Testing
Security Content Automation Protocol
SCAP is a set of standards administered by NIST. It was set up to provide a standardized approach to maintaining the security of so-called enterprise systems. This includes automated verification that patches are present, checking system and security configuration settings, and examining systems for other defects.
LinQhost uses the Certified Cloud Providers (RH CCP draft) profile from the SSG as its default. In any case, our profile checks the following:
- Correct permissions on the passwd and gshadow files present on systems
- SELinux enabled
- Only the root user has UID 0
- Presence of login accounts without passwords
- SSH settings: Protocol 2, root login disabled, approved ciphers
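As an added illustration (not LinQhost's profile or SSG content), the sketch below evaluates three of the listed checks that can be decided from file contents alone: extra UID 0 accounts, empty passwords, and the SSH settings. The sample file contents are constructed, and the approved cipher set is an assumption, since the page does not name one.

```python
# Constructed sample inputs; on a real host these would be the contents of
# /etc/passwd, /etc/shadow and /etc/ssh/sshd_config.
PASSWD = "root:x:0:0:root:/root:/bin/bash\ntoor:x:0:0::/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n"
SHADOW = "root:$6$constructed$hash:19000::::::\ntoor:!:19000::::::\nalice::19000::::::\n"
SSHD_CONFIG = "# constructed\nProtocol 2\nPermitRootLogin yes\nCiphers aes256-ctr,aes128-cbc\nPermitRootLogin no\n"
# Assumption: the page does not list its approved ciphers; this set is illustrative.
APPROVED_CIPHERS = {"aes128-ctr", "aes192-ctr", "aes256-ctr"}

def _rows(text):
    """Split colon-separated account records, skipping blank and comment lines."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def extra_uid0(passwd_text):
    """Accounts other than root that have UID 0."""
    return [r[0] for r in _rows(passwd_text) if len(r) > 2 and r[2] == "0" and r[0] != "root"]

def empty_passwords(shadow_text):
    """Accounts whose shadow password field is empty (login without a password)."""
    return [r[0] for r in _rows(shadow_text) if len(r) > 1 and r[1] == ""]

def sshd_findings(config_text, approved=APPROVED_CIPHERS):
    """Findings for Protocol, PermitRootLogin and Ciphers; an empty list means pass."""
    opts = {}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            # Keywords are case-insensitive and sshd keeps the first value it reads,
            # so a later "PermitRootLogin no" does not override an earlier "yes".
            opts.setdefault(parts[0].lower(), parts[1].strip())
    findings = []
    if opts.get("protocol") != "2":  # this example requires an explicit setting
        findings.append("Protocol is not explicitly 2")
    if opts.get("permitrootlogin", "").lower() != "no":
        findings.append("root login is not disabled")
    ciphers = [c.strip() for c in opts.get("ciphers", "").split(",") if c.strip()]
    bad = sorted(set(ciphers) - approved)
    if not ciphers:
        findings.append("Ciphers not set explicitly")
    elif bad:
        findings.append("unapproved ciphers: " + ",".join(bad))
    return findings

def audit(passwd_text, shadow_text, sshd_text):
    """Run all three checks and return the findings per check."""
    return {"extra_uid0": extra_uid0(passwd_text),
            "empty_passwords": empty_passwords(shadow_text),
            "sshd": sshd_findings(sshd_text)}

if __name__ == "__main__":
    for check, result in audit(PASSWD, SHADOW, SSHD_CONFIG).items():
        print(check, "->", result or "pass")
```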
Sometimes, from a management point of view, it is not possible to meet all requirements within SCAP or the RH CCP draft profile. The SSG protocol is a manual, and you are free to adjust it to your own wishes and requirements.