A Unified Compliance Aggregator Framework for Automated Multi-Tool Security Assessment of Linux Systems
Sheldon Paul, Izzat Alsmadi

TL;DR
This paper presents the Unified Compliance Aggregator (UCA), a framework that integrates multiple open-source security tools into a single, normalized score to assess Linux system security comprehensively.
Contribution
The paper introduces UCA, a novel framework that combines diverse security tool outputs into a unified score using normalization and a logarithmic model for file integrity.
Findings
Composite scores improve with system hardening.
Contrasting behaviors observed between compliance and file integrity tools.
Case studies demonstrate practical application of the framework.
Abstract
Assessing the security posture of modern computing systems typically requires the use of multiple specialized tools. These tools focus on different aspects such as configuration compliance, file integrity, and vulnerability exposure, and their outputs are often difficult to interpret collectively. This paper introduces the Unified Compliance Aggregator (UCA), a framework that integrates several open-source security tools into a single composite score representing overall system security. The proposed framework combines outputs from Lynis, OpenSCAP (STIG and CIS profiles), AIDE, Tripwire, and Nmap NSE. A normalization process converts heterogeneous outputs into a consistent 0 to 100 scale, followed by weighted aggregation. We also introduce a logarithmic scoring model for file integrity measurements to address limitations observed in prior linear approaches. Experiments were conducted on…
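The pipeline the abstract outlines (per-tool normalization to 0 to 100, a logarithmic file-integrity score, then weighted aggregation) can be sketched as follows. This is an added example, not code from the paper or the UCA project. The weights, the log formula, the pass-rate and per-finding rules, and the sample numbers are all assumptions, since this page does not give the paper's own values.

```python
import math

# Assumed weights and formulas: illustrative only, not values from the paper.
WEIGHTS = {"lynis": 0.25, "oscap_stig": 0.20, "oscap_cis": 0.20,
           "aide": 0.125, "tripwire": 0.125, "nmap_nse": 0.10}

def clamp(x):
    return max(0.0, min(100.0, float(x)))

def pass_rate(passed, failed):
    """Compliance scan: share of evaluated rules that passed, on 0-100."""
    total = passed + failed
    if total <= 0:
        raise ValueError("scan evaluated no rules")
    return 100.0 * passed / total

def integrity_linear(changed, monitored):
    """Linear baseline: score falls in proportion to changed files."""
    return clamp(100.0 * (1 - changed / monitored))

def integrity_log(changed, monitored):
    """Assumed log model: 100 with no changes, 0 when every file changed."""
    if monitored <= 0:
        raise ValueError("no monitored files")
    changed = min(max(changed, 0), monitored)
    return clamp(100.0 * (1 - math.log1p(changed) / math.log1p(monitored)))

def composite(scores, weights=WEIGHTS):
    """Weighted mean; weights are renormalized over the tools that reported."""
    used = {t: w for t, w in weights.items() if t in scores}
    if not used:
        raise ValueError("no tool results to aggregate")
    return sum(clamp(scores[t]) * w for t, w in used.items()) / sum(used.values())

# Constructed sample results for one host (not data from the paper).
SAMPLE = {
    "lynis": 62,                         # Lynis hardening index, already 0-100
    "oscap_stig": pass_rate(150, 50),
    "oscap_cis": pass_rate(180, 20),
    "aide": integrity_log(9, 99),
    "tripwire": integrity_log(0, 99),
    "nmap_nse": clamp(100 - 10 * 2),     # assumed 10-point cut per NSE finding
}

if __name__ == "__main__":
    for tool, score in SAMPLE.items():
        print(f"{tool:11s} {score:6.1f}")
    print(f"composite   {composite(SAMPLE):6.1f}")
    print(f"9/99 changed: linear {integrity_linear(9, 99):.1f}, log {integrity_log(9, 99):.1f}")
```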
