ScanOVAL for Linux

2020: The beginning of testing of ScanOVAL for Linux

On the official site data security of information of Bank of threats (BDU) of the Federal Service for Technical and Export Control (FSTEC Russia) open testing Linux of the ScanOVAL for program — the tool for automated verifications of the existence of vulnerabilities SOFTWARE working under control of operating systems the Linux family began. On February 11, 2020 the company reported about it Astra Linux. "ScanOVAL for Linux" can be downloaded freely from the website and also to leave a question, notes and offers to developers on a program runtime through a form of a feedback or e-mail.

The first version of the program is intended for check on vulnerability in version 1.6 special purpose OS local mode of Astra Linux Special Edition and also the general-system and application software which is its part. In development of the program and its database of checks the AltexSoft company was directly involved.

Basic functions of "ScanOVAL for Linux" — evaluating security of OS and software on existence of vulnerabilities, data on which contain in "A databank of security risks of information" of FSTEC of Russia and bulletins of developers. Regular updating of base of the program is supposed information on the appearing vulnerabilities. There is a possibility of creation of reports on the found vulnerabilities in the HTML formats and CSV.

The ScanOVAL for Linux program can be used only for the research purposes, in particular, for search of vulnerabilities of software, development and debugging of descriptions (determinations) in the OVAL language of security of the software products functioning on the Linux platform. For commercial use and also for conducting checks in the network mode it is recommended to use professional vulnerability scanners.

The initiative of FSTEC of Russia of providing freely extended tool for check on existence of the known vulnerabilities of domestic Linux-like OS at the same time helps to resolve a set of issues. It both informing users on the revealed vulnerabilities of the used software, and stimulation of software developers on their timely elimination, and directly attraction attention to BDU and a problem of safe use of software in general, comments Sergey Uzdemir, the deputy CEO for IT of AltexSoft company

The known, but open vulnerabilities are one of methods of violation of the systems of protection. With the advent of means of the automated control of open vulnerabilities of "ScanOVAL for Linux" and responsible for information security it became much simpler to system administrators to exercise control of elimination of the known vulnerabilities included in "A databank of security risks of information" of FSTEC of Russia comments Roman Mylitsyn, the director of a product of Astra Linux Group