Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 3. Creating a remediation plan in Insights

You can create a remediation plan to fix one or more issues identified by Red Hat Insights for a system or group of RHEL systems in your organization.

To create a remediation plan in Insights, you need to do the following:

  1. Find an issue to resolve
  2. Review the recommended remediation steps
  3. Select the systems to remediate

You can create a remediation plan to address recommendations and issues found by the following services of Insights:

  • advisor
  • compliance
  • vulnerability
  • patch

You can start the wizard for creating a remediation plan by clicking the Plan remediation button after you have selected at least one system and an issue or recommendation for remediation. You can also start the Plan remediation wizard from the Insights Inventory details page for a system, provided Insights services have detected any issues that impact the system.

The workflow to create a remediation plan is similar for all services in Insights for Red Hat Enterprise Linux that support remediations. For more information, see Insights remediations workflow in the Remediations overview section.

Important

Some of the recommended paths to remediate an issue require manual actions and do not have an associated Ansible Playbook. In the Insights UI, you will see that those issues or recommendations have a Remediation type value of Manual.

You can create a remediation plan for any Insights recommendations or remedial actions that have a Remediation type value of Playbook.

When you create a remediation plan, Insights generates an Ansible Playbook from the built-in play for that issue to implement the required remediation actions and the reboot instructions on the selected host systems.

Advisor recommendations

The advisor service assesses and monitors the health of your Red Hat Insights for Red Hat Enterprise Linux infrastructure and provides recommendations to address availability, stability, performance, and security issues. Red Hat Insights detects the systems in your infrastructure that are impacted and provides a set of recommended actions that can help you prioritize and plan how to remediate your systems.

For more information about the Red Hat Insights advisor service, see Assessing RHEL Configuration Issues Using the Red Hat Insights Advisor Service.

To create a remediation plan that addresses a recommendation generated by the Insights advisor service, complete the following procedure.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Insights users have permissions to create remediation plans. However, you will need the Remediations administrator role to execute a remediation plan on remote hosts from Insights. For more information, see the Required permissions for remediation plan execution.

Procedure

  1. Choose an Insights advisor service recommendation to remediate:

    1. Navigate to Operations > Advisor > Recommendations.
    2. Review the Recommendations table to see which recommendations are applicable for your systems and whether they have a playbook already created.

    3. Use the search and filtering function in the table to sort the items by Resolution type.

      Important

      Look for recommendations that have a Resolution type of Playbook. You cannot create a remediation plan if the Resolution type is set to Manual.

    4. Click the recommendation name. The full details of the recommendation are displayed, and a list of impacted systems is displayed on the lower part of the page.

  2. Select which systems to include in the remediation plan:

    1. Scroll to view all of the registered RHEL systems that are impacted by the recommendation.

    2. Find the systems to include. If needed, use the search and filter functions in the table. For example, you can use the filtering options to list the affected systems by version.

      Important

      To create a remediation plan for a group of systems, all systems in the group must be running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Insights-generated playbook is compatible.

    3. Select at least one system to include in a remediation plan by clicking the checkbox to the left of the system ID.

  3. Create and save the plan:

    1. Click Plan remediation to start the wizard.

    2. Select Create new playbook, and enter a name for the playbook.

      Note

      You can also add this recommendation or the selected systems to an existing remediation plan by choosing Add to existing playbook, and then selecting the plan name from the list presented.

    3. Under Review systems, review the systems included in the plan, and if applicable, clear the checkbox next to any systems that you do not want to include.
    4. Click Next.

    5. Under Review and edit actions, review the resolution steps for the action. Some actions will present different steps that you can choose from in the wizard. Complete one of the following steps:

      • If the action has a choice of methods to remediate:

        • Select Review and/or change the resolution steps for this 1 action, and click Next.
        • Choose one of the step choices, and click Next.
      • If there are no choices to be made and you are satisfied with the actions for this plan, select Accept all recommended resolution steps for all actions, and then click Next.

  4. On the Remediation review pane, review the summary of your remediation plan and use the back button to make changes if needed.

    Note

    If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  5. Click Submit.

Verification steps

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan in the table. Click the remediation plan to open the plan.

Create a remediation plan in the Red Hat Insights vulnerability service. The workflow to create a remediation plan is similar for other services in Insights for Red Hat Enterprise Linux. When you create a remediation plan, Insights uses Ansible Playbooks to remediate or mitigate CVE vulnerabilities on your systems and apply any required patches.

The Red Hat Insights advisor service analyzes and detects which systems in your organization are affected by known problems.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Insights users have permissions to create remediation plans. However, you need the Remediations administrator role to execute a remediation plan on remote hosts from Insights. For more information, see Required permissions for remediation plan execution.

Procedure

  1. Navigate to the Security > Vulnerability > CVEs page.
  2. Set the filters as needed and select a CVE.
  3. Scroll down to view all of the affected systems. Use the filtering options to list the affected systems by version.

  4. Select systems to include in a remediation plan by clicking the box to the left of the system ID.

    Important

    To create a remediation plan for a group of systems, all systems in the group must be running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Insights-generated playbook is compatible.

  5. Click Plan remediation.

  6. Choose whether to add the remediations to an existing or new remediation plan, and then do one of the following actions, and then click Next:

    • Click Add to existing playbook, and then select a remediation plan from the list presented.
    • Click Create new playbook, and enter a name for the playbook.

  7. Review the systems to include in the remediation plan, then click Next.

    Note

    Only affected systems can be selected and included in a remediation plan.

  8. Review the information under the remediation review summary.

    1. If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.
    2. Click Submit.

Verification steps

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan. You should see the plan that you just created showing in the list.

Most CVEs in Red Hat Insights for RHEL will have one remediation option for you to use to resolve an issue. Remediating a CVE with security rules might include more than one resolution from which to choose. For example, you might have a recommended action to take, and one or more alternate resolutions. The workflow to create remediation plans for CVEs that have one or more resolution options is similar to the remediation steps in the advisor service.

For more information about security rules, see Security rules and Filtering lists of systems exposed to security rules in Assessing and Monitoring Security Vulnerabilities on RHEL Systems .

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Insights users have permissions to create remediation plans. However, you will need the Remediations administrator role to execute a remediation plan on remote hosts from Insights. For more information, see the Required permissions for remediation plan execution.

Procedure

  1. Navigate to Security > Vulnerability > CVEs.

  2. Set filters if needed (for example, filter to see CVEs with security rules to focus on issues that have elevated risk associated with them). Or, click the CVEs with security rules tile on the dashbar.

    A screen capture of a dashbar with two different ways to search or filter CVEs with security rules

  3. Click a CVE in the list.

  4. Scroll to view affected systems, and select the systems you want to include in a remediation plan by clicking the box to the left of the system ID on the Review systems page. When you select at least one system, the Plan remediation button gets activated.

    Note

    Recommended: Include systems of the same RHEL major or minor version by filtering the list of affected systems.

  5. Click Plan remediation.

  6. Decide whether to add the selected remediations to an existing or new remediation plan by taking one of the following actions:

    • Click Add to existing playbook and select the required playbook from the dropdown list.
    • Click Create new playbook, and add a playbook name.

  7. Click Next. The systems impacted by the CVE are listed.

    Note

    Only impacted systems can be selected and included in a remediation plan.

  8. Review the systems to include in the playbook and clear the checkbox beside any systems that you do not want to include.

  9. Click Next to see the Review and edit actions page, which shows you options to remediate the CVE. The number of items to remediate can vary. You will also see additional information (that you can expand and collapse) about the CVE, such as:

    • Action: Shows the CVE ID.
    • Resolution: Displays the recommended resolution for the CVE and also confirms whether you have alternate resolution options.
    • Reboot required: Confirms whether you must reboot your systems.
    • Systems: Confirms the number of systems you are remediating.

  10. On the Review and edit actions page, choose one of two options to finish creating your remediation plan and to generate the Ansible Playbook:

    • Option 1: To review all of the recommended and alternative remediation options available (and choose one of those options):

      1. Select Review and/or change the resolution steps for this 1 action or similar based on your actual options.
      2. Click Next.
      3. On the Choose action: <CVE information> page, click a tile to select your preferred remediation option. The bottom edge of the tile highlights when selected. The recommended solution is highlighted by default.
      4. Click Next.

    • Option 2: To accept all recommended remediations:

      1. Choose Accept all recommended resolution steps for all actions.
      2. Click Next.

  11. On the final Remediation review pane, review the summary of your remediation plan and use the back button to make changes to the actions or resolution options if required.

    Note

    If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  12. Click Submit.

Results

A notification confirming the total number of remediation actions and other information about your remediation plan is displayed.

Next steps

To view your remediation plan:

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan.
  3. To execute your remediation plan and run the generated Ansible Playbook on the affected systems, see Executing remediation playbooks from the Insights UI.
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat