Bug#856425: ITP: scap-security-guide -- security guides and conformity checks using SCAP standard
Package: wnpp
Severity: wishlist
Owner: Philippe Thierry <phil@reseau-libre.net>
* Package name : scap-security-guide
Version : 0.1.31-10
Upstream Author : Watson Yuuma Sato <wsato@redhat.com>
* URL : https://www.open-scap.org/security-policies/scap-security-
guide/
* License : Unlicenced
Programming Lang: Python, XML, XSLT
Section : admin
Description : security guides and conformity checks using SCAP
standard
SCAP-security-guide works with the OpenSCAP tool, which is already
packaged in Debian.
It builds those binary packages:
ssg-applications - SCAP Guides and benchmarks targeting applications such as
ssg-base - SCAP Security guide base content and documentation
ssg-debfamilly - SCAP Guides and benchmarks targeting all deb-based
ssg-debian - SCAP Guides and benchmarks targeting Debian 8
ssg-otheros - SCAP Guides and benchmarks targeting other GNU/Linux
To access further information about this package, please visit the following
URL:
https://mentors.debian.net/package/scap-security-guide
Alternatively, one can download the package with dget using this command:
dget -x https://mentors.debian.net/debian/pool/main/s/scap-security-guide
/scap-security-guide_0.1.31-9.dsc
The goal of this package is to deploy SCAP XCCDF Benchmarks and Guides
for various targets not deployed by the OpenSCAP core package, but
supported by the SCAP-security-guide community in which I work as
contributor for Ubuntu, Debian and ANSSI best practices.
Using these guides/benchmarks, it is possible to validate conformity of
Debian-based deployment against standard security policies such as ANSSI
Best-practices, PCI-DSS, NIST SP-800... and to launch remediation
scripts when needed. Using the OpenSCAP ecosystem, it is possible to
manage the security policy of a complete infrastructure, when launching
OpenSCAP tool with the above benchmarks through ssh (for e.g.) or on VM
or docker templates.
Reply to: