Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 2. Getting started using the compliance service
This section describes how to configure your RHEL systems to report compliance data to the Insights for RHEL application. This installs necessary additional components such as the SCAP Security Guide (SSG), which is used to perform the compliance scan.
Prerequisites
- The Insights client is deployed on the system.
- You must have root privileges on the system.
Procedure
Check the version of RHEL on the system:
[user@insights]$ cat /etc/redhat-release
Review the Insights Compliance - Supported configurations article and make note of the supported SSG version for the RHEL minor version on the system.
NoteSome minor versions of RHEL support more than one version of SSG. The Insights compliance service will always show results for the latest supported version.
Check if the supported version of the SSG package is installed on the system:
Example - for RHEL 8.4 run:
[root@insights]# dnf info scap-security-guide-0.1.57-3.el8_4
If it isn’t already installed, install the supported version of SSG on the system.
Example - for RHEL 8.4 run:
[root@insights]# dnf install scap-security-guide-0.1.57-3.el8_4
In the compliance service UI, Security > Compliance > SCAP policies, add the system to a policy.
- Click Create new policy to add the system to a new security policy.
- Or, select an existing policy and click Edit policy to add the system to it.
After adding each system to the desired security policy, return to the system and run the compliance scan using:
[root@insights]# insights-client --compliance
NoteThe scan can take 1-5 minutes to complete.
- Navigate to Security > Compliance > Reports to view results.
-
Optional: Schedule the compliance jobs to run with
cron.
Additional Resources
To learn which versions of the SCAP Security Guide are supported for Red Hat Enterprise Linux minor versions, see Insights Compliance - Supported configurations.
2.1. Setting up recurring scans for Insights services
To get the most accurate recommendations from Insights for Red Hat Enterprise Linux services such as Compliance and Malware detection, you might need to manually scan and upload data collection reports to the services on a regular schedule.
Use the following insights-client commands to run the commands manually:
# insights-client --compliance # insights-client --collector malware-detection
Currently, Insights does not have an automated scheduler to perform the scans for you, but you can configure a cron job to schedule automatic scans.
Before you create a cron job, make sure that the commands work properly when you run them manually.
Prerequisites
- The services you want to use (Compliance and Malware Detection) are configured and running on your system.
Procedure
At the system prompt, issue the
crontab -ecommand to edit thecrontabfile. This command opens your default text editor.$ crontab -e
Add a
crontabentry for the service you want to run. For example:10 20 * * * /bin/insights-client --compliance 10 21 * * * /bin/insights-client --collector malware-detection
In this example, the first command uploads a Compliance report to Insights every day at 20:10 local time. The second command uploads a malware detection report to Insights every day at 21:10 local time.
- Save the file and exit the text editor.
