Red Hat Training

A Red Hat training course is available for Red Hat Satellite

7.4.2. Using the API to Perform Audit Scans

This section describes how to use the Satellite API to perform audit scans.

Procedure 7.2. To Perform an Audit Scan Using the API:

  1. Choose an existing script or create a script for scheduling a system scan through system.scap.scheduleXccdfScan, the front-end API, for example:
    #!/usr/bin/python
    import xmlrpclib
    client = xmlrpclib.Server('https://satellite.example.com/rpc/api')
    key = client.auth.login('username', 'password')
    client.system.scap.scheduleXccdfScan(key, 1000010001,
        '/usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml',
        '--profile united_states_government_configuration_baseline')
    
    Where:
    • 1000010001 is the system ID (sid).
    • /usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml is the path to the content location on the client system. In this case, it assumes USGCB content in the /usr/local/share/scap directory.
    • --profile united_states_government_configuration_baseline is an additional argument to the oscap command. In this case, it is using the USGCB.
  2. Run the script on the command-line interface of any system. The system needs the appropriate Python and XML-RPC libraries installed.

Note

You can run the rhn_check command to ensure that the action is being picked up by the client system.
# rhn_check -vv
If rhnsd or osad are running on the client system, the action will be picked up by these services. To check if they are running, run one of the following commands:
For Red Hat Enterprise Linux 5 and 6:
# service rhnsd start
# chkconfig rhnsd on
OR
# service osad start
# chkconfig osad on
For Red Hat Enterprise Linux 7:
# systemctl enable rhnsd
# systemctl start rhnsd
OR
# systemctl enable osad
# systemctl start osad