SupportConsoleDevelopersStart a trialContact

Chapter 11. Monitoring compliance

With Satellite, you can centralize compliance monitoring and management. A compliance dashboard provides an overview of compliance of hosts and the ability to view details for each host within the scope of that policy. Compliance reports provide a detailed analysis of compliance of each host with the applicable policy. With this information, you can evaluate the risks presented by each host and manage the resources required to bring hosts into compliance. By monitoring compliance with SCAP, you can verify policy compliance and detect changes in compliance.

11.1. Searching compliance reports

Use the Compliance Reports search field to filter the list of available reports on any subset of hosts.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Reports.
  2. Optional: To see a list of available search parameters, click the empty Search field.
  3. Enter the search query in the Search field and click Search. The search query is case insensitive.

Search query examples

Find all compliance reports for which more than five rules failed
failed > 5
Find all compliance reports created after January 1, 2023, for hosts with hostnames that contain prod-
host ~ prod- AND date > "Jan 1, 2023"
Find all reports generated by the rhel7_audit compliance policy from an hour ago
"1 hour ago" AND compliance_policy = date = "1 hour ago" AND compliance_policy = rhel7_audit
Find reports that pass an XCCDF rule
xccdf_rule_passed = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions
Find reports that fail an XCCDF rule
xccdf_rule_failed = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions
Find reports that have a result different than fail or pass for an XCCDF rule
xccdf_rule_othered = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions

Additional information

  • You can create complex queries with the following logical operators: and, not and has. For more information about logical operators, see Supported Operators for Granular Search in Administering Red Hat Satellite.
  • You cannot use regular expressions in a search query. However, you can use multiple fields in a single search expression. For more information about all available search operators, see Supported Operators for Granular Search in Administering Red Hat Satellite.
  • You can bookmark a search to reuse the same search query. For more information, see Creating Bookmarks in Administering Red Hat Satellite.

11.2. Compliance email notifications

Satellite Server sends an OpenSCAP Summary email to all users who subscribe to the Compliance policy summary email notifications. For more information on subscribing to email notifications, see Configuring Email Notification Preferences in Administering Red Hat Satellite.

Each time a policy is run, Satellite checks the results against the previous run, noting any changes between them. The email is sent according to the frequency requested by each subscriber, providing a summary of each policy and its most recent result.

11.3. Viewing compliance policy statistics

You can view a compliance policy dashboard to verify compliance reports of a particular policy. The compliance policy dashboard provides a statistical summary of compliance of hosts and the ability to view report details for each host within the scope of that policy.

Consider prioritizing the following hosts when viewing compliance reports:

  • Hosts which were evaluated as Failed
  • Hosts labelled as Never audited because their status is unknown

Prerequisites

  • Your user account has a role assigned that has the view_policies permission.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Policies.
  2. In the row of the required policy, navigate to the Actions column and click Dashboard.

11.4. Remediating compliance failures

With Satellite, you can examine compliance reports and, in some cases, remediate cases of non-compliance. You can remediate compliance failures by using a remediation wizard or by applying remediation snippets manually.

Warning

Always test the recommended remedial actions or scripts in a non-production environment before implementing them in production. Remediation might render the system non-functional.

Prerequisites

  • Your user account has a role assigned that has the following permissions: view_arf_reports, view_hosts, create_job_invocations

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Reports.
  2. In the Reported At column, click the time link of the report you want to examine. Satellite displays a list of log messages describing the results of the scan.

  3. Locate a log message that describes a failed compliance check. In the Actions column, select Remediation to open the compliance remediation wizard. Follow the wizard to remediate the compliance failure.

    Note

    The remediation wizard might not be available for all compliance failures.

Additional resources

11.5. Deleting a compliance report

You can delete compliance reports on your Satellite.

Prerequisites

  • Your user account has a role assigned that has the view_arf_reports and destroy_arf_reports permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Reports.
  2. In the Compliance Reports window, identify the policy that you want to delete and, on the right of the policy’s name, select Delete.
  3. Click OK.

11.6. Deleting multiple compliance reports

You can delete multiple compliance policies simultaneously. However, in the Satellite web UI, compliance policies are paginated, so you must delete one page of reports at a time. If you want to delete all OpenSCAP reports, use the script in Deleting OpenSCAP Reports in the API guide.

Prerequisites

  • Your user account has a role assigned that has the view_arf_reports and destroy_arf_reports permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Reports.
  2. In the Compliance Reports window, select the compliance reports that you want to delete.
  3. In the upper right of the list, select Delete reports.
  4. Repeat these steps for as many pages as you want to delete.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.