Chapter 2. Getting started using the compliance service

This section describes how to configure your RHEL systems to report compliance data to the Insights for RHEL application. This installs necessary additional components such as the SCAP Security Guide (SSG), which is used to perform the compliance scan.

Prerequisites

  • The Insights client is deployed on the system.
  • You must have root privileges on the system.

Procedure

  1. Check the version of RHEL on the system:

    [user@insights]$ ​​cat /etc/redhat-release
  2. Review the Insights Compliance - Supported configurations article and make note of the supported SSG version for the RHEL minor version on the system.

    Note

    Some minor versions of RHEL support more than one version of SSG. The Insights compliance service will always show results for the latest supported version.

  3. Check if the supported version of the SSG package is installed on the system:

    Example - for RHEL 8.4 run:

    [root@insights]# dnf info scap-security-guide-0.1.57-3.el8_4
  4. If it isn’t already installed, install the supported version of SSG on the system.

    Example - for RHEL 8.4 run:

    [root@insights]# dnf install scap-security-guide-0.1.57-3.el8_4
  5. In the compliance service UI, Security > Compliance > SCAP policies, add the system to a policy.

    1. Click Create new policy to add the system to a new security policy.
    2. Or, select an existing policy and click Edit policy to add the system to it.
  6. After adding each system to the desired security policy, return to the system and run the compliance scan using:

    [root@insights]# insights-client --compliance
    Note

    The scan can take 1-5 minutes to complete.

  7. Navigate to Generating Compliance Service Reports to view results.
  8. Optionally, schedule the compliance jobs to run with cron.

Additional Resources

To learn which versions of the SCAP Security Guide are supported for Red Hat Enterprise Linux minor versions, see Insights Compliance - Supported configurations.