Linux host evidence for defense teams that need proof, not screenshots.
oxharden helps defense contractors produce defensible Linux host evidence for vulnerability remediation, CIS / STIG posture, exposed services, and the gap between patched-on-disk and still-running code. It is not a CMMC platform or assessor; it is the Linux evidence layer underneath audit prep.
Audit prep gets messy when Linux evidence is scattered.
Defense contractors are often asked to prove that systems are patched, configured, and monitored. But the evidence usually lives across scanner exports, package managers, shell output, spreadsheets, and manual screenshots. That makes reviews slower and remediation harder to defend.
Patch evidence is incomplete
A package can be fixed on disk while vulnerable code is still running in memory.
Hardening evidence is manual
CIS and STIG checks often become screenshots, scripts, or spreadsheets that age quickly.
Scanner findings lack action
A CVE finding does not always say whether the host needs an update, restart, reboot, or review.
Exposed services need context
Open ports and listening services need to be tied back to host, owner, and remediation evidence.
Host evidence across patching, vulnerabilities, hardening, and exposure.
Four evidence pillars, collected once from the host and organized by report and date — so the proof is the same whether a security manager, IT lead, or assessor is asking.
Patch verification
Compare installed packages against vendor-fixed EVRs and identify where patched-on-disk does not mean fixed-live.
Vulnerability evidence
Tie CVEs to package versions, severity, fixed versions, affected services, and the next action.
CIS / DISA STIG posture
Show expected-vs-actual evidence for every Linux hardening rule — pass or fail, per host.
Exposure context
Surface listening services and exposed ports alongside the host record they belong to.
Patched is not fixed until vulnerable code stops running.
Defense teams cannot close a finding just because the package database changed. Long-running services can keep old libraries mapped after patching. Kernels can remain vulnerable until reboot. oxharden shows the gap so teams know what action is still required.
Evidence for the controls conversation.
oxharden does not make an organization CMMC compliant by itself. It helps produce Linux host evidence that supports vulnerability remediation, configuration management, system monitoring, and audit review workflows.
Vulnerability remediation
Show what is vulnerable, what fix is available, and whether the fix is actually live.
Configuration evidence
Record expected-vs-actual results for CIS and DISA STIG checks.
Change verification
Re-scan after patching or hardening work to show what changed.
Audit-ready artifacts
Produce clean reports a security manager, IT lead, assessor, or client can review.
A report you can hand to security, IT, or an assessor.
One host record, grouped by evidence type. Every row carries the proof and the one action left to close it — organized by host and report date.
From finding to evidence-backed closure.
oxharden slots into how your team already works — it collects and organizes the Linux host evidence; your existing patch and config workflows make the change.
Collect
Run a one-host snapshot or enroll approved Linux hosts.
Classify
Group findings by update, restart, reboot, review, or clean.
Remediate
Use existing patching and configuration workflows to make the change.
Verify
Re-scan and keep the report as evidence for review.
Designed for cautious Linux environments.
Host-level evidence for CIS, DISA STIG, CMMC & NIST 800-171 workflows — oxharden supplies the Linux proof, not the attestation.
See the Linux evidence before audit prep becomes a scramble.
Review a sample Patch Truth report or book a short walkthrough to see how oxharden supports defense-oriented Linux evidence workflows.