This paper presents a unified framework for evaluating Linux security hardening on the FABRIC testbed through aggregation of heterogeneous security auditing tools. We deploy three Ubuntu 22.04 nodes configured at baseline, partial, and full hardening levels, and evaluate them using Lynis, OpenSCAP, and AIDE across 108 audit runs. To address the lack of a consistent interpretation across tools, we implement a Unified Compliance Aggregator (UCA) that parses tool outputs, normalizes scores to a common 0--100 scale, and combines them into a weighted metric augmented by a customizable rule engine for organization-specific security policies. Experimental results show that full hardening increases OpenSCAP compliance from 39.7 to 71.8, while custom rule compliance improves from 39.3\% to 83.6\%. The results demonstrate that UCA provides a clearer and more reproducible assessment of security posture than individual tools alone, enabling systematic evaluation of hardening effectiveness in programmable testbed environments.

翻译：本文提出了一种统一框架，通过在FABRIC测试平台上聚合异构安全审计工具来评估Linux安全加固效果。我们部署了三个配置为基线、部分加固和完全加固级别的Ubuntu 22.04节点，并使用Lynis、OpenSCAP和AIDE工具进行了108次审计测试。针对不同工具间缺乏统一解释标准的问题，我们实现了统一合规性聚合器（UCA），该工具能够解析各工具输出、将评分归一化至0-100的统一标度，并通过可定制的规则引擎结合组织特定安全策略生成加权指标。实验结果表明：完全加固使OpenSCAP合规率从39.7提升至71.8，而定制规则合规率从39.3%提升至83.6%。这些结果证明，相较于独立使用单一工具，UCA能够提供更清晰且可复现的安全态势评估，从而在可编程测试平台环境中实现加固效果的系统化评估。