Ensuring Approved Packages Are Installed Across System Profiles Using System Comparison

Red Hat Insights 2020-04

How to validate approved packages are installed across system profiles and generate reports

Red Hat Customer Content Services

Abstract

This workflow example demonstrates how to validate approved RPM packages are installed across system profiles and generate CSV reports for analysis.
Providing Feedback:
If you have a suggestion to improve this document or find an error, submit a Bugzilla report at http://bugzilla.redhat.com against Cloud Software Services (cloud.redhat.com) for the System Comparison component.

Chapter 1. Overview

As an IT operator, use System Comparison to ensure approved security tools and RPM packages are installed on each system:

  1. Access the System Comparison service.
  2. Add systems manually within System Comparison.
  3. Filter system configuration data by installed packages.
  4. Export the filtered data to a CSV file for analysis.

Chapter 2. Accessing the System and Baselines Comparison Service

The System Comparison service is part of Red Hat Insights and can be accessed via https://cloud.redhat.com.

Procedure

  1. On https://cloud.redhat.com, in the Cloud Management Services for Red Hat Enterprise Linux panel, click Drift Analysis. The Cloud Management Services dashboard opens.
  2. Click Drift in the left-side navigation menu to view the Drift options: Comparison and Baselines.

    • Click Add to comparison to open the Comparison screen where you can add systems or baselines to compare.
      drift comparison screen
    • Click Baselines to open the Baselines screen, where you can create baselines. This screen also lists any baselines that exist.

    drift baselines screen

You can now start adding systems and baselines to compare their facts.

Chapter 3. Adding Systems Manually within System Comparison

Add systems registered in your cloud management services inventory within the System Comparison service.

Procedure

  1. On the Red Hat Insights user interface, click Drift AnalysisComparison in the left-side navigation menu.
  2. On the Comparison screen, click Add System.
  3. Select the systems to compare from the list. Alternatively, enter the system name in the search box to find by name, then select the system.
  4. Click Submit.
Note
  • At any time, you can add more systems by clicking on the Add System button on the right-side of the systems you have already added for comparison.
  • Similarly, you can remove a particular system under comparison by clicking the cross sign on the upper-right corner of the individual system name, or, you can remove all systems under comparison by clicking the options menu drift options menu located at the top, then clicking Clear all comparisons to start again.

Chapter 4. Filtering System Facts By Installed Packages

Filter the system facts by installed packages.

  1. Enter the required package name in the search box at the top, or enter installed_packages to view the list of all packages installed.
  2. In the View drop-down list, ensure you are viewing the result for all comparison states, that is where installed packages and their versions are same, different, and where information is missing across systems.

In the example screen capture below, facts are filtered by installed RPM packages for which you can see a subset of the list. Note that for package deltarpm there is no difference in its version between the two systems, however, packages rpm, rpm-build-libs, rpm-libs, and rpm-python show a difference. Also, data is missing for some of the other packages. This is a discrepancy as systems were not consistently upgraded with approved packages.

drift rpm packages

Chapter 5. Exporting System Comparison Output

Export the system profiles you filtered above by installed packages where RPM versions are same, different, and where information is missing to a comma-separated values (CSV) file.

Note

The exported CSV report preserves all your current selections on the system comparison output, including any filters applied. That is, it follows the WYSIWYG (What You See Is What You Get) paradigm. Therefore, you will need to expand any nested fact categories (installed_packages, for example) to be exported in the report.

Procedure

  1. On the system comparison output screen for two or more systems, click the options menu drift options menu located at the top.
  2. Click Export as CSV.

Open the CSV file with the tool of your choice so that you can easily analyze discrepancies in installed RPM packages.

Legal Notice

Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.