Security overview
A practical overview of how oxharden collects Linux fleet data, protects customer information, and fits into security review, compliance, and enterprise deployment workflows.
What oxharden does - and doesn't
oxharden is a visibility and evidence tool. It reads the state of your Linux fleet; it does not change it. That boundary is deliberate.
What oxharden does
Read-onlyWhat oxharden will not do during a scan
NeverWhat runs in your environment
The agent's job is to describe each host accurately. Here is exactly what it does and what leaves your network.
oxharden is designed for visibility and evidence. It should not be presented as a remote-execution or auto-remediation tool.
Remediation workflows are explicit and separate from scan collection; scans do not automatically change hosts.The data categories in scope
Every category below maps to a specific hardening or evidence purpose. Read it as a review checklist, not a wall of text.
| Category | Examples | Why it is used |
|---|---|---|
| Host inventory | Hostname, OS, kernel, cloud/region metadata, last seen. | Identifies each host and its baseline for accurate scoping. |
| Package inventory | Package name, version, ecosystem, installed and fixed versions. | Determines which packages are vulnerable and whether a fix exists. |
| Vulnerability data | CVEs, severity, KEV, EPSS, fix availability. | Prioritizes remediation using exploitability, exposure, and fix-availability signals. |
| Runtime evidence | Running services, loaded libraries, reboot/restart state. | Proves whether a fix is live or still pending a restart. |
| Network exposure | Listening sockets, bind address, protocol, TLS/cert metadata where available. | Maps attack surface and exposed services. |
| Container / image metadata | Runtime, image digest, tags, privileged/root/posture findings. | Extends coverage to workloads and container hosts. |
| Compliance evidence | Benchmark, control status, failing rules, host applicability. | Supports audit readiness and hardening-baseline reporting. |
How data is protected
We describe controls plainly and flag anything still being formalized as available for review rather than making hard promises.
Data encryptionIn review
Encryption in transit; encryption-at-rest handling can be reviewed for your environment.
Access controlIn review
Workspace scoping and role/permission expectations can be reviewed for your deployment.
Auditability
Findings and evidence can be reviewed; export expectations can be reviewed for your workflow.
Tenant / workspace boundaries
Fleet data is scoped by workspace boundaries.
Data retentionIn review
Retention expectations can be discussed for your environment.
Security review support
Data flow, access, and boundaries walked through with your team.
For enterprise evaluations, oxharden can walk through data flow, access model, retention expectations, and deployment boundaries with your security team.
This page is an operational security overview, not a certification claim. Formal security, retention, and access-control requirements can be reviewed during enterprise evaluation.
Who can see what
oxharden separates the people who investigate vulnerabilities from those who own remediation, prove compliance, or audit the account - so each team sees what its work requires.
Where oxharden can run
Deployment shapes the security conversation. Each model below lists the questions that typically come up and what to bring.
SaaS / standard cloud
Managed oxharden cloud for cloud-hosted Linux fleets - the default path for most teams.
- Security questions
- Data residency, egress destinations, and tenant isolation.
- Bring to the discussion
- Fleet size, distros, and any network-egress constraints.
Hybrid / on-prem
Mixed estates where hosts span cloud, on-prem, and distributed infrastructure.
- Security questions
- Connectivity model, where analysis runs, and boundary controls.
- Bring to the discussion
- Network topology and which segments hold sensitive hosts.
Restricted / air-gapped
Isolated or self-hosted enterprise environments with strict connectivity limits.
- Security questions
- Offline feeds, self-hosted analysis, and update handling.
- Bring to the discussion
- Isolation requirements and any accreditation constraints.
Bring this to the call
A short list to prepare for a security or procurement review. Having these ready gets us to a useful answer faster.
Security review, answered.
No. Scanning and compliance evaluation are strictly read-only. oxharden does not patch, restart services, reboot hosts, or change configuration during a scan. Remediation workflows are explicit and separate from scan collection.
Package inventory, kernel state, running-process evidence, listening ports, container/image metadata, and benchmark/compliance signals - enough to describe each host's posture accurately.
No. The agent does not collect customer source code, secrets, private keys, or arbitrary file contents as part of normal collection. It inventories system state, not application data.
Yes. For enterprise evaluations we walk through what the agent collects, where it goes, the access model, retention expectations, and deployment boundaries with your security team.
Restricted, air-gapped, and self-hosted enterprise deployments can be discussed, including offline feeds and self-hosted analysis. Bring your isolation and accreditation constraints.
Benchmark results, control status, failing rules, and host applicability are collected as evidence and can be reviewed to support audit readiness.
Yes. Access-control, SSO, procurement, and deployment-boundary questions are expected parts of an enterprise review - see the checklist above for what to prepare.
Fleet size and distributions, data categories in scope, egress constraints, identity requirements, retention needs, benchmarks in scope, and any restricted-environment requirements.
Need to review oxharden with your security team?
Tell us about your fleet, data boundaries, access requirements, and deployment constraints. We'll help map the right review path.