Generating Compliance Service Reports

Red Hat Insights 2020-10

Communicate the Level of Compliance of RHEL Environment with Security Policies

Red Hat Customer Content Services

Abstract

Generate a variety of reports to communicate to enterprise security auditors the security-policy compliance status of a RHEL environment.
Providing Feedback: If you have a suggestion to improve this documentation, or find an error, submit a Bugzilla report at http://bugzilla.redhat.com. Select the Cloud Software Services (cloud.redhat.com) product and use the Documentation component.

Chapter 1. Compliance service reporting overview

The Compliance service enables users to export granular data based on filters in place at the time of export. Exporting a Compliance report requires the following actions:

  • Uploading current OpenSCAP results
  • Filtering your view in the Compliance service
  • Exporting to CSV or JSON file and saving your download

Chapter 2. Uploading current OpenSCAP data for your system

The Compliance service presents data from OpenSCAP scans. Whether you are using the Compliance service to view system compliance status, remediate issues, or report on results, ensure that you’re seeing current data by uploading the latest system data from OpenSCAP before continuing with other procedures.

Procedure

  1. Run the following command to upload current data from OpenSCAP:

    [root@server ~]# insights-client --compliance

Chapter 3. Exporting a Compliance report for selected systems

Perform the following steps to export a Compliance report showing CVEs impacting your systems, and based on filtering in place at the time of export:

Procedure to export a report for a single policy

  1. Navigate to the Compliance service > Reports tab and log in if necessary.
  2. Locate the policy and click View report.
  3. Apply filters as needed to refine results.
  4. Select the systems you want to see in the report.
  5. At the top of the systems list, click the download icon and select Export CSV or Export JSON, based on your export preferences.
  6. Select a download location and click Save.

Procedure to export a report for selected systems

  1. Navigate to Compliance service > Systems and log in if necessary.
  2. Apply filters as needed to refine results.
  3. Select the systems you want to see in the report by checking the box next to each system name.
  4. At the top of the systems list, click the download icon and select Export CSV or Export JSON, based on your export preferences.
  5. Select a download location and click Save.

Chapter 4. Reference materials

To learn more about the Compliance service, see the following resources:

Legal Notice

Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.