Chapter 11. Monitoring Compliance


With Satellite, you can centralize compliance monitoring and management. A compliance dashboard provides an overview of compliance of hosts and the ability to view details for each host within the scope of that policy. Compliance reports provide a detailed analysis of compliance of each host with the applicable policy. With this information, you can evaluate the risks presented by each host and manage the resources required to bring hosts into compliance. By monitoring compliance with SCAP, you can verify policy compliance and detect changes in compliance.

11.1. Searching Compliance Reports

Use the Compliance Reports search field to filter the list of available reports on any subset of hosts.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Reports.
  2. Optional: To see a list of available search parameters, click the empty Search field.
  3. Enter the search query in the Search field and click Search. The search query is case insensitive.

Search Query Examples

Find all compliance reports for which more than five rules failed
failed > 5
Find all compliance reports created after January 1, 2023, for hosts with hostnames that contain prod-
host ~ prod- AND date > "Jan 1, 2023"
Find all reports generated by the rhel7_audit compliance policy from an hour ago
"1 hour ago" AND compliance_policy = date = "1 hour ago" AND compliance_policy = rhel7_audit
Find reports that pass an XCCDF rule
xccdf_rule_passed = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions
Find reports that fail an XCCDF rule
xccdf_rule_failed = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions
Find reports that have a result different than fail or pass for an XCCDF rule
xccdf_rule_othered = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions

Additional Information

  • You can create complex queries with the following logical operators: and, not and has. For more information about logical operators, see Supported Operators for Granular Search in Administering Red Hat Satellite.
  • You cannot use regular expressions in a search query. However, you can use multiple fields in a single search expression. For more information about all available search operators, see Supported Operators for Granular Search in Administering Red Hat Satellite.
  • You can bookmark a search to reuse the same search query. For more information, see Creating Bookmarks in Administering Red Hat Satellite.

11.2. Compliance Email Notifications

Satellite Server sends an OpenSCAP Summary email to all users who subscribe to the Compliance policy summary email notifications. For more information on subscribing to email notifications, see Configuring Email Notification Preferences in Administering Red Hat Satellite.

Each time a policy is run, Satellite checks the results against the previous run, noting any changes between them. The email is sent according to the frequency requested by each subscriber, providing a summary of each policy and its most recent result.

11.3. Viewing Compliance Policy Statistics

You can view a compliance policy dashboard to verify compliance reports of a particular policy. The compliance policy dashboard provides a statistical summary of compliance of hosts and the ability to view report details for each host within the scope of that policy.

Consider prioritizing the following hosts when viewing compliance reports:

  • Hosts which were evaluated as Failed
  • Hosts labelled as Never audited because their status is unknown

Prerequisite

  • Your user account has a role assigned that has the view_policies permission.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Policies.
  2. In the row of the required policy, navigate to the Actions column and click Dashboard.

11.4. Examining Hosts per Rule Compliance Result

You can examine a simplified report and use policy rules to list hosts that have a certain compliance result, such as failing a particular rule.

Prerequisite

  • Your user account has a role assigned that has the view_arf_reports and view_hosts permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Reports.
  2. In the Reported At column, navigate to the report of the required host and compliance policy, and click the time link.
  3. Satellite displays a simplified list of policy rules with the results of the scan.
  4. Optional: Filter the rules by check result. From the Show log messages dropdown list, select one of the following filters:

    • Failed and othered – to view rules that have failed or have not been checked during the scan,
    • Failed only – to view only rules that have failed.
  5. Optional: Examine the details of the rule. In the Message column, click the icon next to the name of the rule.
  6. In the row of the required rule, navigate to the Actions column and click Hosts failing this rule.

11.5. Examining Compliance Failures of a Host

You can examine a full compliance report, determine why a host failed compliance on a rule, and, in some cases, see how to remediate a case of non-compliance.

Warning

Do not implement any of the recommended remedial actions or scripts without first testing them in a non-production environment. Remediation might render the system non-functional.

A compliance report consists of the following areas:

  • Introduction
  • Evaluation Characteristics
  • Compliance and Scoring
  • Rule Overview

Prerequisite

  • Your user account has a role assigned that has the view_arf_reports and view_hosts permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Reports to list all compliance reports.
  2. In the row of the required host, navigate to the Actions column and click Full Report to view the complete details of an evaluation report.
  3. Navigate to the Evaluation Characteristics area to review basic details about the evaluation of the host against a specific profile.
  4. Navigate to the Compliance and Scoring area to review evaluation statistics and the host compliance score.
  5. Navigate to the Rule Overview to examine the rules.
  6. Optional: Deselect the check statuses that you want to hide, such as pass, notapplicable, or fixed.
  7. Optional: From the Group rule by dropdown menu, select the criterion for the grouping of rules, such as Severity.
  8. Optional: Enter a search string into the search field to filter rules by title. The search is case insensitive and applied dynamically as you type.
  9. Click the title of a rule to inspect further result details:

    • A description of the rule with instructions for bringing the host into compliance if available.
    • The rationale for the rule.
    • In some cases, a remediation script.

11.6. Deleting a Compliance Report

You can delete compliance reports on your Satellite.

Prerequisite

  • Your user account has a role assigned that has the view_arf_reports and destroy_arf_reports permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Reports.
  2. In the Compliance Reports window, identify the policy that you want to delete and, on the right of the policy’s name, select Delete.
  3. Click OK.

11.7. Deleting Multiple Compliance Reports

You can delete multiple compliance policies simultaneously. However, in the Satellite web UI, compliance policies are paginated, so you must delete one page of reports at a time. If you want to delete all OpenSCAP reports, use the script in Deleting OpenSCAP Reports in the API Guide.

Prerequisite

  • Your user account has a role assigned that has the view_arf_reports and destroy_arf_reports permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Reports.
  2. In the Compliance Reports window, select the compliance reports that you want to delete.
  3. In the upper right of the list, select Delete reports.
  4. Repeat these steps for as many pages as you want to delete.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.