8.6. Creating a Remediation Ansible Playbook to Align the System with a Specific Baseline


Use this procedure to create an Ansible playbook containing only the remediations that are needed to align your system with a specific baseline. This example uses the Protection Profile for General Purpose Operating Systems (OSPP). With this procedure, you create a smaller playbook that does not cover already satisfied requirements. By following these steps, you do not modify your system in any way, you only prepare a file for later application.

Prerequisites

  • The scap-security-guide package is installed on your system.

Procedure

  1. Scan the system and save the results:
    ~]# oscap xccdf eval --profile ospp --results ospp-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
  2. Generate an Ansible playbook based on the file generated in the previous step:
    ~]# oscap xccdf generate fix --fix-type ansible --profile ospp --output ospp-remediations.yml ospp-results.xml
  3. The ospp-remediations.yml file contains Ansible remediations for rules that failed during the scan performed in step 1. After you review this generated file, you can apply it with the ansible-playbook ospp-remediations.yml command.

Verification

  1. In a text editor of your choice, review that the ospp-remediations.yml file contains rules that failed in the scan performed in step 1.

Additional Resources

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.