Generating Compliance Service Reports

Red Hat Insights 1-latest

Communicate the compliance status of your RHEL infrastructure to security stakeholders

Red Hat Customer Content Services

Abstract

Generate a variety of reports to communicate to enterprise security auditors the security-policy compliance status of your RHEL environment.
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright's message.

Chapter 1. Overview of compliance service reports

The compliance service enables users to download data based on filters in place at the time of download. Downloading a compliance report requires the following actions:

  • Uploading current system data to Red Hat Insights for Red Hat Enterprise Linux
  • Filtering your results in the compliance service web console
  • Downloading reports; either exporting comma separated values (CSV) or JavaScript Object Notation (JSON) data, or as a PDF

Chapter 2. Uploading current system data to Insights

Whether you are using the compliance service to view system compliance status, remediate issues, or report status to stakeholders, upload current data from your systems to see the most up-to-date information.

Procedure

  • Run the following command on each system to upload current data to Insights for Red Hat Enterprise Linux:

    [root@server ~]# insights-client --compliance

Chapter 3. Filtering systems based on severity

You can filter all your systems in a report based on the severity of the rules that failed. This enables you to triage your systems and remediate the most critical issues first.

Prerequisites

  • Login access to the Red Hat Hybrid Cloud Console.

Procedure

  • Navigate to Security > Compliance > Reports.
  • Choose the Policy rule you want to view.
  • Click the Name filter above your list of systems.
  • Choose Failed rule severity.
  • Click on Filter by failed rule to the right of Failed rule severity, and place a checkmark in the box to the left of High. The systems that remain are those deemed to be critical issues, and should be the first ones remediated.

Chapter 4. Exporting compliance data for selected systems

Perform the following procedures to export a report showing compliance issues impacting your systems, based on filtering in place at the time of export.

4.1. Exporting a report for a single policy

Perform the following steps to export a compliance report for a single policy.

Procedure

  1. Navigate to the Security > Compliance > Reports tab and log in if necessary.
  2. Click on the policy to view the report.
  3. Apply filters as needed to refine results.
  4. Click View policy for more detailed information such as compliance threshold and business objective.
  5. At the top of the systems list, click the download icon to the right of the Remediate button and select Export to CSV or Export to JSON, based on your export preferences.
  6. Choose to open or save the file. Then click OK.

4.2. Exporting a report for selected systems

Perform the following steps to export a compliance report for selected systems.

Procedure

  1. Navigate to Security > Compliance > Systems and log in if necessary.
  2. Apply filters as needed to refine results.
  3. Select the systems you want to see in the report by checking the box next to each system name.
  4. At the top of the systems list, click the download icon and select Export to CSV or Export to JSON, based on your export preferences.
  5. Choose to open or save the file. Then click OK.

Chapter 5. Downloading PDF policy reports

The Insights for Red Hat Enterprise Linux compliance service enables you to create PDF reports for individual policies to share with stakeholders, such as your compliance team or auditors.

Reports include the following information:

  • Policy details: policy type, operation system, compliance threshold, and business objective.
  • Percentage of systems in compliance with the policy.
  • Numbers of non-compliant and compliant systems.
  • Non-compliant system information. You can select to include compliant systems when creating the report.
  • List of top 10 failed rules: the most severe failed rules, along with the greatest number of failed systems for each rule, are ranked at the top.

5.1. Creating a PDF report for a policy

Perform the following steps to download a PDF report for a security policy.

Prerequisites

  • You must be logged in to the Red Hat Hybrid Cloud Console.
  • Policy reports are point-in-time reporting. Red Hat recommends uploading your latest system data to Insights for Red Hat Enterprise Linux before creating a policy report in the compliance service.

Procedure

  1. Optionally run insights-client --compliance on your systems to scan them and upload current data to the compliance service.
  2. Navigate to Security > Compliance > Reports.
  3. Locate the policy for which to create the report.
  4. Click the download icon img compl reports download icon on the far right of the same row as the policy name.

    Note

    You can also click on the policy name and click Download PDF in the upper right of the page.

  5. In the Compliance report modal dialog, make selections for system data to include.
  6. Make selections for rule data to include.
  7. Optionally, add user notes.
  8. Click Export report.

Chapter 6. Deleting a compliance report

Prerequisites

  • Login access to the Red Hat Hybrid Cloud Console.

Procedure

  1. Navigate to Red Hat Insights > Compliance > Reports. The list of available reports displays.
  2. Optional. Use the search filters to search for the report you want to delete. You may filter the reports by policy name, policy type, operating system, or by systems meeting compliance.
  3. Click the name of the report you want to delete. The report displays and shows the list of systems included in the report.
  4. Click Delete report on the upper right side of the report. The Delete report dialog box appears with the message Deleting a report is permanent and cannot be undone.
  5. Click the Delete report button to confirm that you want to delete the report.

Chapter 7. Enabling notifications and integrations

You can enable the notifications service on Red Hat Hybrid Cloud Console to send notifications whenever a compliance policy is triggered. For example, you can configure the notifications service to automatically send an email message whenever a compliance policy falls below a certain threshold, or to send an email digest of all the compliance policy events that take place each day. Using the notifications service frees you from having to continually check the Red Hat Insights for RHEL dashboard for compliance event-triggered notifications.

Enabling the notifications service requires three main steps:

  • First, an Organization Administrator creates a User access group with the Notifications administrator role, and then adds account members to the group.
  • Next, a Notifications administrator sets up behavior groups for events in the notifications service. Behavior groups specify the delivery method for each notification. For example, a behavior group can specify whether email notifications are sent to all users, or just to Organization administrators.
  • Finally, users who receive email notifications from events must set their user preferences so that they receive individual emails for each event or a daily digest of all compliance events.

In addition to sending email messages, you can configure the notifications service to send event data in other ways:

  • Using an authenticated client to query Red Hat Insights APIs for event data
  • Using webhooks to send events to third-party applications that accept inbound requests
  • Integrating notifications with applications such as Splunk to route compliance events to the application dashboard

Additional resources

Chapter 8. Reference materials

To learn more about the compliance service, see the following resources:

Providing feedback on Red Hat documentation

We appreciate and prioritize your feedback regarding our documentation. Provide as much detail as possible, so that your request can be quickly addressed.

Prerequisites

  • You are logged in to the Red Hat Customer Portal.

Procedure

To provide feedback, perform the following steps:

  1. Click the following link: Create Issue
  2. Describe the issue or enhancement in the Summary text box.
  3. Provide details about the issue or requested enhancement in the Description text box.
  4. Type your name in the Reporter text box.
  5. Click the Create button.

This action creates a documentation ticket and routes it to the appropriate documentation team. Thank you for taking the time to provide feedback.

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.