Why does running oscap scan report shows not applicable for most of the Red Hat OpenShift Container Platform 3.x nodes?

Solution Verified - Updated -

Issue

  • Attempting to use OpenSCAP on a set of recently installed servers to scan against OpenCIS Benchmark profiles. Results are reporting all Not Applicable.
# oscap xccdf eval --verbose DEVEL --verbose-log-file /home/oscap-node-verbose.txt --profile xccdf_org.ssgproject.content_profile_opencis-node --report /home/node-report.html --oval-results /usr/share/xml/scap/ssg/content/ssg-ocp3-ds-1.2.xml 
  • Only few nodes in the cluster are returning results against the master and node profiles. All other nodes report NotApplicable for RHOCP checks.

Environment

  • Red Hat OpenShift Container Platform 3.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In