Web lists-archives.com

Bug#856425: ITP: scap-security-guide -- security guides and conformity checks using SCAP standard​




Package: wnpp
Severity: wishlist
Owner: Philippe Thierry <phil@xxxxxxxxxxxxxxxx>

* Package name    : scap-security-guide
  Version         : 0.1.31-10
  Upstream Author : Watson Yuuma Sato <wsato@xxxxxxxxxx>
* URL             : https://www.open-scap.org/security-policies/scap-security-
guide/
* License         : Unlicenced
  Programming Lang: Python, XML, XSLT
  Section         : admin
  Description     : security guides and conformity checks using SCAP
standard​

SCAP-security-guide works with the OpenSCAP tool, which is already
packaged in Debian.

It builds those binary packages:

 ssg-applications - SCAP Guides and benchmarks targeting applications such as
 ssg-base   - SCAP Security guide base content and documentation
 ssg-debfamilly - SCAP Guides and benchmarks targeting all deb-based
 ssg-debian - SCAP Guides and benchmarks targeting Debian 8
 ssg-otheros - SCAP Guides and benchmarks targeting other GNU/Linux

To access further information about this package, please visit the following
URL:

  https://mentors.debian.net/package/scap-security-guide

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/s/scap-security-guide
/scap-security-guide_0.1.31-9.dsc

The goal of this package is to deploy SCAP XCCDF Benchmarks and Guides
for various targets not deployed by the OpenSCAP core package, but
supported by the SCAP-security-guide community in which I work as
contributor for Ubuntu, Debian and ANSSI best practices.

Using these guides/benchmarks, it is possible to validate conformity of
Debian-based deployment against standard security policies such as ANSSI
Best-practices, PCI-DSS, NIST SP-800... and to launch remediation
scripts when needed. Using the OpenSCAP ecosystem, it is possible to
manage the security policy of a complete infrastructure, when launching
OpenSCAP tool with the above benchmarks through ssh (for e.g.) or on VM
or docker templates.