SCAP Scans: 0 to 1

Published: Sep 23, 2022 by Skyland Staff

Introduction

A Security Technical Implementation Guide (STIG) is a standardized cybersecurity framework for specific technology products, devices, or systems. It provides a set of configuration settings and security controls to enhance the security posture of a system. In this article, we’ll guide you through the process of performing a STIG compliance scan on a remote Linux system, specifically Ubuntu 18.04 LTS, using the Security Content Automation Protocol (SCAP) Compliance Checker (SCC).

Step 1: Download the Required Files

First, navigate to the following website: https://public.cyber.mil/stigs/scap/. Download the “SCC 5.5 Windows” package and extract the files. Next, download the “SCC UNIX Remote Scanning Plugin” package and extract the files.

Step 2: Install and Set Up the SCC Application

  1. From the “SCC 5.5 Windows” folder, run the setup.exe file. Do not change the installer’s default settings.
  2. Once installed, open the SCC application.

Step 3: Configure the Remote Scan

  1. From the “Choose a scan type” dropdown menu, select “UNIX SSH Remote Scan”.
  2. Click the “Install UNIX Remote Scanning Plugin” button that appears.
  3. Select the “SCC_5.5_UNIX_Remote_Scanning_Plugin.scc” file.
  4. Identify the Ubuntu 18.04 LTS target system to be scanned.
  5. On the target system, confirm that SSH access is enabled.

Step 4: Add the Target System to the SCC Application

  1. In the SCC application, select “Edit/Select UNIX Hosts” and create an SSH password.
  2. Confirm that you are now in the SCC “Host Credential Manager for Unix” window.
  3. Click “Add New Host”.
  4. In the “DNS Name/IP Address” field, enter the IP address of the target system.
  5. In the “Authentication Type” dropdown, select “32 : SSH as non-root, then Sudo: With Password”.
  6. In the “Select Credential” dropdown, select “Add New Credential”.
  7. At minimum, enter the username/password of an account that has SSH and sudo privileges on the target system.
  8. Click “Test SSH”.
  9. If the SSH test is successful, click “Test SSH, Save and Close”. If the test is not successful, troubleshoot the SSH issue before proceeding to the next step.
  10. Close the “Host Credential Manager for Unix” window to return to the SCC home window.
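
If “Test SSH” fails, the target-side prerequisites from Step 3 (SSH enabled) and Step 4 (password login for an account with sudo privileges) can be checked on the Ubuntu target with a script like the following. It is an added example, not part of SCC or of the original article; the function names, the `scanuser` account and the sample inputs are assumptions, and it assumes sudo rights come from Ubuntu's default `sudo` group.

```shell
#!/bin/sh
# Pre-flight for SCC authentication type 32 (SSH as non-root, then sudo with
# password), run on the Ubuntu target. Added example: function names and the
# "scanuser" account are hypothetical.

# Succeeds if the sshd settings on stdin (the `sshd -T` format: lowercase
# "keyword value" lines) permit password logins.
password_auth_enabled() {
    awk '$1 == "passwordauthentication" && $2 == "yes" { ok = 1 }
         END { exit !ok }'
}

# Succeeds if the group list in $1 (the `id -nG` format) contains "sudo",
# the group that Ubuntu's default sudoers file grants sudo rights to.
in_sudo_group() {
    for g in $1; do
        if [ "$g" = "sudo" ]; then return 0; fi
    done
    return 1
}

# $1 = sshd settings, $2 = group list, $3 = `systemctl is-active ssh` output.
# Prints one PASS/FAIL line per requirement; returns the number of failures.
preflight_report() {
    fails=0
    if [ "$3" = "active" ]; then echo "PASS ssh service is active"
    else echo "FAIL ssh service is not active"; fails=$((fails + 1)); fi
    if printf '%s\n' "$1" | password_auth_enabled; then
        echo "PASS sshd accepts password authentication"
    else
        echo "FAIL sshd rejects password authentication"; fails=$((fails + 1))
    fi
    if in_sudo_group "$2"; then echo "PASS account is in the sudo group"
    else echo "FAIL account is not in the sudo group"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SSHD_OK='port 22
permitrootlogin no
passwordauthentication yes'
SAMPLE_SSHD_KEYS_ONLY='port 22
passwordauthentication no'

# Live use on the target: sudo sh preflight.sh scanuser
if [ $# -gt 0 ]; then
    preflight_report "$(/usr/sbin/sshd -T 2>/dev/null)" \
        "$(id -nG "$1")" "$(systemctl is-active ssh)"
fi
```

A plain `sshd -T` reports the global settings only, so a `Match` block in sshd_config that overrides password authentication for the scan account is not reflected. Sudo rights granted through other sudoers entries are likewise not detected by the group check.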

Step 5: Perform the STIG Compliance Scan

  1. In the “Content” section, select the Ubuntu 18.04 STIG and ensure that no other boxes are checked.
  2. Click “Start Scan”.
  3. When the scan completes, return to the SCC home window and click “View Results”.

Step 6: Review the Scan Results

  1. In the “Reports” section, double-click the “All Settings” and “Non-Compliance” reports to confirm that the expected content is displayed.

Conclusion

Congratulations, you have successfully performed a STIG compliance scan on a remote Linux system. Be sure to review the results carefully and take appropriate action to address any non-compliant items.

Look for a follow-up post to learn how to interpret and analyze SCAP scan results.
