2017 reflected 10 years of working at Red Hat, and during that time, I’ve been SO fortunate to have my day job involve collaborating with open source communities. Below are a few projects, with links to documentation and code, that have occurred over the years.
If you think any of these projects might be interesting to get involved in, please reach out through that community mailing list and say hello! A fallacy of open source is that one needs to be technical to contribute (aka a programmer). Nothing could be farther from the truth. Projects need technical writers, UI and UX designers, and most importantly — user feedback! Introducing yourself on the project mailing list(s) is a great way to begin to get involved. Look forward to seeing you in the community!
OpenSCAP is a NIST-certified configuration and vulnerability scanner.
OpenSCAP is both a library and a command-line tool that allows users to load, scan, validate, edit, and export SCAP documents. Whether you want to evaluate DISA STIGs, NIST’s National Checklist Program content, or perform a vulnerability scan of Enterprise Linux, all are supported OpenSCAP use cases.
SCAP Security Guide provides automated security baselines.
The project was originally co-founded by the NSA Information Assurance Directorate and Red Hat, and its compliance profiles have been written against standards such as PCI-DSS, DoD STIG, and FISMA. The content ships downstream in RHEL via the scap-security-guide RPM.
SCAP Workbench is a GUI tool for tailoring existing SCAP baselines.
Create a custom security profile and scan remote systems from your favorite OSX/Windows/Linux desktop. Export your tailored profile as an RPM or SCAP tailoring file.