Ubuntu 22.04
Sponsored Link

OpenSCAP : Security Audit2022/12/14

 
Install OpenSCAP which is the security audit and vulnerability scanning tool based on SCAP (Security Content Automation Protocol).
For details about SCAP, refer to the site below.
⇒ https://csrc.nist.gov/projects/security-content-automation-protocol
OVAL  (Open Vulnerability and Assessment Language)

XCCDF (Extensible Configuration Checklist Description Format)

OCIL  (Open Checklist Interactive Language)

CPE   (Common Platform Enumeration)

CCE   (Common Configuration Enumeration)

CVE   (Common Vulnerabilities and Exposures)

CVSS  (Common Vulnerability Scoring System)

[1] Install OpenSCAP command line tool.
root@dlp:~#
apt -y install libopenscap8 bzip2
[2] Download OVAL content which is provided from Canonical and Scan Ubuntu System with [oscap] command.
Scan result is renerated as HTML report, you should verify it and try to improve your Ubuntu System as much as possible.
root@dlp:~#
wget https://security-metadata.canonical.com/oval/com.ubuntu.$(lsb_release -cs).usn.oval.xml.bz2

root@dlp:~#
bzip2 -d com.ubuntu.jammy.usn.oval.xml.bz2
# scan system

root@dlp:~#
oscap oval eval --report oval-jammy.html com.ubuntu.jammy.usn.oval.xml

Definition oval:com.ubuntu.jammy:def:901000000: false
Definition oval:com.ubuntu.jammy:def:891000000: false
Definition oval:com.ubuntu.jammy:def:871000000: false
Definition oval:com.ubuntu.jammy:def:861000000: false
Definition oval:com.ubuntu.jammy:def:57771000000: false
.....
.....
Definition oval:com.ubuntu.jammy:def:53542000000: false
Definition oval:com.ubuntu.jammy:def:100: true
Evaluation done.

root@dlp:~#
ll oval-jammy.html

-rw-r--r-- 1 root root 197898 Dec 14 17:01 oval-jammy.html
Matched Content