OpenSCAP Scans
#8181
Replies: 4 comments
-
Hi,
This may not be the /right/ way to do this, but this is how I do it.
I have a script running on my Uyuni vm as root. Creds are previously stored for spacecmd to avoid having to specify them. I’m using a bespoke tailored file (which was a lot of faff to set up) as we want to achieve 100% on our own set of rules, you can skip that.
Each target machine is in a System group called “SCAP: Rocky 9” – but you can use spacecmd to select whatever machines you want.
The tailoring file is deployed previously using Uyuni’s config management.
This is scheduled by crontab and the results are automatically imported into Uyuni and viewable for each scanned machine – I don’t need to do any ongoing maintenance other than check the results.
You will need to change paths and some arguments in this script, but hopefully it gives you an idea of one way to do this.
#####################################################
#!/bin/bash
# Email myself to let me know scans are done
echo "Linux scap scans are being performed. Please review them at REDACTED" | mail -s "Linux Scap Scan results" "***@***.***"
# First, clear the ssm in case anything exists
spacecmd ssm_clear
# Now add all the machines from the group to ssm
spacecmd -- ssm_add group:"SCAP: Rocky 9"
# Set the schedule for Rocky 9
# spacecmd scap_schedulexccdfscan ssm '/root/scap/ssg-rl9-ds.xml' 'cis_server_l1_customized' '--tailoring-file /root/scap/scap-tailoring.xml'
# Ensure scap is installed fully (This is a script to ensure all the right tools are on the client)
#spacecmd -y -- system_runscript ssm -f /root/scripts/remote_install_scap.sh
# spacecmd scap_schedulexccdfscan ssm '/root/scap/ssg-rl9-ds.xml' 'profile cis_server_l1_customized_atass-simon --tailoring-file /root/scap/scap-tailoring-rocky9-atass.xml'
# Ensure it's ready
sleep 5
spacecmd scap_schedulexccdfscan ssm '/usr/share/xml/scap/scap-r9/ssg-rl9-ds.xml' 'profile xccdf_org.ssgproject.content_profile_cis_workstation_l1__r9 --tailoring-file /usr/share/xml/scap/scap-r9/tailoring-xccdf.xml'
# Housekeeping - clear the set manager.
spacecmd ssm_clear
#####################################################
From: x0y0 ***@***.***>
Sent: Thursday, January 18, 2024 9:42 AM
To: uyuni-project/uyuni ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [uyuni-project/uyuni] OpenSCAP Scans (Discussion #8181)
Hi everyone!
I want to scan minions for finding CVE. My steps:
1. take an OVAL file
2. used the OVAL file to make an XCCDF file. For it I used https://github.com/vmware-archive/vmware-scap-edit
3. go to Systems -> Audit -> Schedule
Command: /usr/bin/oscap xccdf eval
Command-line Arguments: --results results.xml /home/test/xccdf.xml
Path to XCCDF document *: /home/test/xccdf.xml
4. Start a task
5. And I got
This action's status is: Failed.
Killed by signal -9
When I start scanning through Salt -> Remote Commands it finishes, results.xml is created, but I am not sure that it is suitable for Uyuni.
Could somebody tell me what I am doing wrong?
Can I change command "/usr/bin/oscap xccdf eval" to "oscap oval eval"? Will it work?
0 replies
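A pre-flight check for the scheduling script above, as an added example that is not part of the original post. It confirms on the client that the profile passed to the scan is defined in the tailoring file or the datastream and that a tailored profile's `extends` target exists in the datastream. The function names, return codes and sample files are hypothetical, and the tag matching is a plain-text simplification rather than a full XML parse.

```shell
#!/bin/bash
# Added example (not from the original post): check on the client that the
# profile given to the scan exists before the scan is scheduled.

# Print every <Profile ...> start tag of an XCCDF file, one per line.
profile_tags() {
    tr '\n\t' '  ' < "$1" | tr '>' '\n' |
        grep -E '<([A-Za-z0-9_.-]+:)?Profile '
}

# Print the id of every profile defined in the file.
profile_ids() {
    profile_tags "$1" | sed -n 's/.* id="\([^"]*\)".*/\1/p'
}

# Print the profile that profile $2 in file $1 extends (empty if none).
profile_extends() {
    profile_tags "$1" | grep -F " id=\"$2\"" |
        sed -n 's/.* extends="\([^"]*\)".*/\1/p'
}

# $1 = datastream, $2 = tailoring file, $3 = profile id. Returns 0 if usable.
scap_preflight() {
    for f in "$1" "$2"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done
    if profile_ids "$2" | grep -qxF "$3"; then
        base=$(profile_extends "$2" "$3")
        if [ -n "$base" ] && ! profile_ids "$1" | grep -qxF "$base"; then
            echo "base profile '$base' is not in $1" >&2; return 3
        fi
    elif ! profile_ids "$1" | grep -qxF "$3"; then
        echo "profile '$3' is in neither file" >&2; return 4
    fi
}

# Constructed sample files for a dry run (not real SSG content).
write_samples() {
    cat > "$1/ds.xml" <<'EOF'
<ds:data-stream-collection><xccdf-1.2:Benchmark id="b">
  <xccdf-1.2:Profile id="xccdf_org.example_profile_base"/>
</xccdf-1.2:Benchmark></ds:data-stream-collection>
EOF
    cat > "$1/tailoring.xml" <<'EOF'
<xccdf:Tailoring id="t"><xccdf:Profile
    id="xccdf_org.example_profile_custom"
    extends="xccdf_org.example_profile_base">
  <xccdf:select idref="xccdf_org.example_rule_x" selected="false"/>
</xccdf:Profile></xccdf:Tailoring>
EOF
}
```

A non-zero return from `scap_preflight` means the scan would be scheduled against a profile the client cannot resolve, so the check belongs before the scheduling step.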
-
@digdilem-work thx, I will try. Could you ask how you import result into Uyuni?
0 replies
-
Uyuni itself imports them and they appear in the audit->Openscap menu item, and also under Audit per machine.
Triggering and importing the results are part of the spacecmd scap command.
0 replies
-
I got it working in the GUI using syntax of: Command-line Arguments: Path to XCCDF document *:
0 replies