Skip to main content
Security review

Security overview

A practical overview of how oxharden collects Linux fleet data, protects customer information, and fits into security review, compliance, and enterprise deployment workflows.

Read-only collection
No remediation during scan
Linux fleet evidence scoped
Enterprise security review supported
How data moves
Linux host agentReads local state, read-only
Encrypted transportAgent output in transit
oxharden workspaceAnalysis, scoped by access
Findings & reportsVulnerability, exposure, evidence
Product boundary

What oxharden does - and doesn't

oxharden is a visibility and evidence tool. It reads the state of your Linux fleet; it does not change it. That boundary is deliberate.

What oxharden does

Read-only
Collects Linux fleet inventory, package, CVE, port, container, image, and compliance posture data.
Turns host- and workload-level signals into vulnerability, exposure, and hardening workflows.
Helps teams prioritize remediation and prove whether fixes are installed, live, or still pending.

What oxharden will not do during a scan

Never
No automatic patching
No service restarts
No host reboots
No configuration changes
No arbitrary remote commands
Agent & data collection

What runs in your environment

The agent's job is to describe each host accurately. Here is exactly what it does and what leaves your network.

agent behavior - enrolled Linux host
WhereRuns on enrolled Linux hosts you choose. No inbound ports, no domain membership required.
ModeCollection is strictly read-only. The agent inspects local state; it does not modify it.
GathersPackage inventory, kernel state, running-process evidence, listening ports, container/image metadata, and benchmark/compliance signals.
SendsAgent output is sent to oxharden for analysis and reporting.
ScopeCollection scope is limited to documented fleet, package, runtime, exposure, container, image, and compliance signals.

oxharden is designed for visibility and evidence. It should not be presented as a remote-execution or auto-remediation tool.

Remediation workflows are explicit and separate from scan collection; scans do not automatically change hosts.
Data handled

The data categories in scope

Every category below maps to a specific hardening or evidence purpose. Read it as a review checklist, not a wall of text.

CategoryExamplesWhy it is used
Host inventoryHostname, OS, kernel, cloud/region metadata, last seen.Identifies each host and its baseline for accurate scoping.
Package inventoryPackage name, version, ecosystem, installed and fixed versions.Determines which packages are vulnerable and whether a fix exists.
Vulnerability dataCVEs, severity, KEV, EPSS, fix availability.Prioritizes remediation using exploitability, exposure, and fix-availability signals.
Runtime evidenceRunning services, loaded libraries, reboot/restart state.Proves whether a fix is live or still pending a restart.
Network exposureListening sockets, bind address, protocol, TLS/cert metadata where available.Maps attack surface and exposed services.
Container / image metadataRuntime, image digest, tags, privileged/root/posture findings.Extends coverage to workloads and container hosts.
Compliance evidenceBenchmark, control status, failing rules, host applicability.Supports audit readiness and hardening-baseline reporting.
Data protection

How data is protected

We describe controls plainly and flag anything still being formalized as available for review rather than making hard promises.

Data encryptionIn review

Encryption in transit; encryption-at-rest handling can be reviewed for your environment.

Access controlIn review

Workspace scoping and role/permission expectations can be reviewed for your deployment.

Auditability

Findings and evidence can be reviewed; export expectations can be reviewed for your workflow.

Tenant / workspace boundaries

Fleet data is scoped by workspace boundaries.

Data retentionIn review

Retention expectations can be discussed for your environment.

Security review support

Data flow, access, and boundaries walked through with your team.

For enterprise evaluations, oxharden can walk through data flow, access model, retention expectations, and deployment boundaries with your security team.

This page is an operational security overview, not a certification claim. Formal security, retention, and access-control requirements can be reviewed during enterprise evaluation.

Access & roles

Who can see what

Workspace-based access to fleet data
Role and permission model for scoping visibility
Separation of security, platform, compliance, and auditor workflows
Enterprise SSO / access-control discussion where relevant
Audit and review expectations for account activity

oxharden separates the people who investigate vulnerabilities from those who own remediation, prove compliance, or audit the account - so each team sees what its work requires.

Access-control requirements should be reviewed as part of enterprise deployment planning. Bring your SSO and identity model to the conversation.
Deployment boundaries

Where oxharden can run

Deployment shapes the security conversation. Each model below lists the questions that typically come up and what to bring.

SaaS / standard cloud

Managed oxharden cloud for cloud-hosted Linux fleets - the default path for most teams.

Security questions
Data residency, egress destinations, and tenant isolation.
Bring to the discussion
Fleet size, distros, and any network-egress constraints.

Hybrid / on-prem

Mixed estates where hosts span cloud, on-prem, and distributed infrastructure.

Security questions
Connectivity model, where analysis runs, and boundary controls.
Bring to the discussion
Network topology and which segments hold sensitive hosts.

Restricted / air-gapped

Isolated or self-hosted enterprise environments with strict connectivity limits.

Security questions
Offline feeds, self-hosted analysis, and update handling.
Bring to the discussion
Isolation requirements and any accreditation constraints.
Security review checklist

Bring this to the call

A short list to prepare for a security or procurement review. Having these ready gets us to a useful answer faster.

Approximate fleet size and Linux distributions
Data categories in scope for your environment
Network egress constraints
SSO / identity requirements
Audit-logging expectations
Retention requirements
Compliance benchmarks in scope (CIS, STIG, internal)
Restricted-environment or air-gap needs
Procurement / security-questionnaire requirements
FAQ

Security review, answered.

No. Scanning and compliance evaluation are strictly read-only. oxharden does not patch, restart services, reboot hosts, or change configuration during a scan. Remediation workflows are explicit and separate from scan collection.

Package inventory, kernel state, running-process evidence, listening ports, container/image metadata, and benchmark/compliance signals - enough to describe each host's posture accurately.

No. The agent does not collect customer source code, secrets, private keys, or arbitrary file contents as part of normal collection. It inventories system state, not application data.

Yes. For enterprise evaluations we walk through what the agent collects, where it goes, the access model, retention expectations, and deployment boundaries with your security team.

Restricted, air-gapped, and self-hosted enterprise deployments can be discussed, including offline feeds and self-hosted analysis. Bring your isolation and accreditation constraints.

Benchmark results, control status, failing rules, and host applicability are collected as evidence and can be reviewed to support audit readiness.

Yes. Access-control, SSO, procurement, and deployment-boundary questions are expected parts of an enterprise review - see the checklist above for what to prepare.

Fleet size and distributions, data categories in scope, egress constraints, identity requirements, retention needs, benchmarks in scope, and any restricted-environment requirements.

Review with your team

Need to review oxharden with your security team?

Tell us about your fleet, data boundaries, access requirements, and deployment constraints. We'll help map the right review path.