Using OpenSCAP
Security best practices dictate that we do not run any software with known and exploitable vulnerabilities, but achieving this is difficult. While vulnerability databases do exist, they are not in formats useful for scanning file systems, much less for examining VM images and containers. I work on OpenSCAP, a tool that checks for vulnerabilities using information extracted from the National Vulnerability Database [1] and security policies. oscap can also remediate, or suggest remediations for, configurations that don’t meet established policies. In this article, I explain how OpenSCAP works, how to use both its GUI and command-line versions, and how you can use oscap to improve your site’s security.
Ensuring that your production environment is properly configured and free of vulnerabilities has become an essential part of proactive security. It used to be possible to go over a single golden image manually and then deploy it en masse, but that has changed radically. Typical business deployments are now much larger than they used to be and no longer run only on physical machines. Modern deployments use virtual machines and containers and tend to deploy many different images. This brings new challenges to both vulnerability assessment and configuration management.