5.2.1. Install OpenSCAP Packages
Procedure 5.1. Installing OpenSCAP Packages
- On the Satellite Server, install the OpenSCAP plug-in and content.
# satellite-installer --enable-foreman-plugin-openscapSuccessful installation is indicated by a progress indicator, and the word
Success!. The OpenSCAP plugin adds to the Satellite web UI a Compliance section, under the menu, containing the following pages:
# yum install puppet-foreman_scap_client
- On all external Capsule Servers, install the OpenSCAP plug-in and content.
NoteIf OpenSCAP functionality is to be enabled on a Capsule Server, Puppet must already have been enabled on that server.
# satellite-installer --enable-foreman-proxy-plugin-openscapSuccessful installation is indicated by a progress indicator, and the word
Success!. This provides the Puppet classes required to set up hosts to perform OpenSCAP scans and creates the Cron jobs for automated compliance scanning.
- On external Capsule Servers with the Puppet master role, install the OpenSCAP client.
# yum install puppet-foreman_scap_clientTo identify the relevant external Capsule Servers, open the Satellite web UI, navigate to Puppet listed in the Features column.→ and identify those external Capsule Servers with
5.2.2. Loading Default OpenSCAP Content
Procedure 5.2. Load the Default OpenSCAP Content
- Load the OpenSCAP content on the Satellite Server.
# foreman-rake foreman_openscap:bulk_upload:default
5.2.3. Importing OpenSCAP Puppet Modules
Procedure 5.3. Import OpenSCAP Puppet Modules
- OpenSCAP requires a Puppet environment, but by default they are only created for Content Views which contain Puppet modules. To list available Puppet environments, open the Satellite web UI and navigate to→ .If there are no Puppet environments, open a CLI session on the Satellite Server and create a directory for the
# mkdir -p /etc/puppet/environments/production/modules
- Import the OpenSCAP content into selected Puppet environments. Each host which is to be audited with OpenSCAP must be associated with a Puppet environment.
- In the Satellite web UI, select from the context menu Any Organization and Any Location.
- Navigate to→ .
- Click, then .
- For each Puppet environment associated with hosts to be audited using OpenSCAP, select the check box, then click production environment.. If no other Puppet environment exists, select theThe foreman_scap_client Puppet module, amongst others, will be added to the selected environments.
- Verify that the foreman_scap_client Puppet module has been added.Navigate to foreman_scap_client Puppet class is listed.→ , then click in the Puppet environment's row. The procedure has been successful if the
5.2.4. Uploading Extra SCAP Content
Procedure 5.4. Upload Extra SCAP Content
- Log in to the Satellite web UI.
- Navigate to Upload New SCAP Content.→ and click
- Enter a title in the Title text box. For example:
RHEL 7.2 SCAP Content.
- Click, navigate to the location containing the SCAP content file and select .
Successfully created RHEL 7.2 SCAP Contentwill be shown and the list of SCAP Contents will include the new title.