7.4.2. Using the API to Perform Audit Scans

This section describes how to use the Satellite API to perform audit scans.

Procedure 7.2. To Perform an Audit Scan Using the API:

  1. Choose an existing script or create a script for scheduling a system scan through system.scap.scheduleXccdfScan, the front-end API, for example: 
    #!/usr/bin/python
import xmlrpclib
client = xmlrpclib.Server('https://satellite.example.com/rpc/api')
key = client.auth.login('username', 'password')
client.system.scap.scheduleXccdfScan(key, 1000010001,
    '/usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml',
    '--profile united_states_government_configuration_baseline')
    Where:
    • 1000010001 is the system ID (sid).
    • /usr/local/share/scap/usgcb-rhel5desktop-xccdf.xml is the path to the content location on the client system. In this case, it assumes USGCB content in the /usr/local/share/scap directory.
    • --profile united_states_government_configuration_baseline is an additional argument to the oscap command. In this case, it is using the USGCB.
  2. Run the script on the command-line interface of any system. The system needs the appropriate Python and XML-RPC libraries installed.

Note

You can run the rhn_check command to ensure that the action is being picked up by the client system. 
# rhn_check -vv
If rhnsd or osad are running on the client system, the action will be picked up by these services. To check if they are running, run one of the following commands:
For Red Hat Enterprise Linux 5 and 6: 
# service rhnsd start
# chkconfig rhnsd on
OR
# service osad start
# chkconfig osad on
For Red Hat Enterprise Linux 7: 
# systemctl enable rhnsd
# systemctl start rhnsd
OR
# systemctl enable osad
# systemctl start osad