Chapter 10. Running a Security Compliance Scan on Demand
Hosts perform OpenSCAP scans regularly by the CRON schedule defined in the compliance policies assigned to hosts. However, you can also run a scan on a host for all configured compliance policies manually at any time.
Prerequisites
-
Your user account has a role assigned that has the
view_hosts
,create_job_invocations
, andview_job_invocations
permissions. You have created a compliance policy and deployed it on the host.
- For more information about managing policies, see Chapter 8, Managing Compliance Policies.
- For more information about deploying policies, see Chapter 9, Deploying Compliance Policies.
Procedure
- Navigate to Hosts > All Hosts.
- Click the hostname of the required host.
- On the host details page, expand the Schedule a job dropdown menu.
- Select Run OpenSCAP scan.
Verification
- In the host details overview, locate the Recent jobs card.
- Select the Running tab. Unless the job has already finished, the table shows a job called Run scan for all OpenSCAP policies.
- On the Recent jobs card, select the Finished tab.
- If the job has finished successfully, you should see the succeeded status in the row of the job.
- Optional: Click the job name to review invocation details.