Este contenido no está disponible en el idioma seleccionado.
Chapter 11. Monitoring compliance
With Satellite, you can centralize compliance monitoring and management. A compliance dashboard provides an overview of compliance of hosts and the ability to view details for each host within the scope of that policy. Compliance reports provide a detailed analysis of compliance of each host with the applicable policy. With this information, you can evaluate the risks presented by each host and manage the resources required to bring hosts into compliance. By monitoring compliance with SCAP, you can verify policy compliance and detect changes in compliance.
11.1. Searching compliance reports
Use the Compliance Reports search field to filter the list of available reports on any subset of hosts.
Procedure
- In the Satellite web UI, navigate to Hosts > Compliance > Reports.
- Optional: To see a list of available search parameters, click the empty Search field.
- Enter the search query in the Search field and click Search. The search query is case insensitive.
Search query examples
- Find all compliance reports for which more than five rules failed
failed > 5
- Find all compliance reports created after January 1, 2023, for hosts with hostnames that contain
prod-
host ~ prod- AND date > "Jan 1, 2023"
- Find all reports generated by the
rhel7_audit
compliance policy from an hour ago
"1 hour ago" AND compliance_policy = date = "1 hour ago" AND compliance_policy = rhel7_audit
- Find reports that pass an XCCDF rule
xccdf_rule_passed = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions
- Find reports that fail an XCCDF rule
xccdf_rule_failed = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions
- Find reports that have a result different than fail or pass for an XCCDF rule
xccdf_rule_othered = xccdf_org.ssgproject.content_rule_firefox_preferences-auto-download_actions
Additional information
-
You can create complex queries with the following logical operators:
and
,not
andhas
. For more information about logical operators, see Supported Operators for Granular Search in Administering Red Hat Satellite. - You cannot use regular expressions in a search query. However, you can use multiple fields in a single search expression. For more information about all available search operators, see Supported Operators for Granular Search in Administering Red Hat Satellite.
- You can bookmark a search to reuse the same search query. For more information, see Creating Bookmarks in Administering Red Hat Satellite.
11.2. Compliance email notifications
Satellite Server sends an OpenSCAP Summary email to all users who subscribe to the Compliance policy summary email notifications. For more information on subscribing to email notifications, see Configuring Email Notification Preferences in Administering Red Hat Satellite.
Each time a policy is run, Satellite checks the results against the previous run, noting any changes between them. The email is sent according to the frequency requested by each subscriber, providing a summary of each policy and its most recent result.
11.3. Viewing compliance policy statistics
You can view a compliance policy dashboard to verify compliance reports of a particular policy. The compliance policy dashboard provides a statistical summary of compliance of hosts and the ability to view report details for each host within the scope of that policy.
Consider prioritizing the following hosts when viewing compliance reports:
-
Hosts which were evaluated as
Failed
-
Hosts labelled as
Never audited
because their status is unknown
Prerequisites
-
Your user account has a role assigned that has the
view_policies
permission.
Procedure
- In the Satellite web UI, navigate to Hosts > Compliance > Policies.
- In the row of the required policy, navigate to the Actions column and click Dashboard.
11.4. Remediating compliance failures
With Satellite, you can examine compliance reports and, in some cases, remediate cases of non-compliance. You can remediate compliance failures by using a remediation wizard or by applying remediation snippets manually.
Always test the recommended remedial actions or scripts in a non-production environment before implementing them in production. Remediation might render the system non-functional.
Prerequisites
-
Your user account has a role assigned that has the following permissions:
view_arf_reports
,view_hosts
,create_job_invocations
Procedure
- In the Satellite web UI, navigate to Hosts > Compliance > Reports.
- In the Reported At column, click the time link of the report you want to examine. Satellite displays a list of log messages describing the results of the scan.
Locate a log message that describes a failed compliance check. In the Actions column, select Remediation to open the compliance remediation wizard. Follow the wizard to remediate the compliance failure.
NoteThe remediation wizard might not be available for all compliance failures.
Additional resources
- You can apply the remediation snippet by manually configuring a remote job. For more information, see Configuring and setting up remote jobs in Managing hosts.
11.5. Deleting a compliance report
You can delete compliance reports on your Satellite.
Prerequisites
-
Your user account has a role assigned that has the
view_arf_reports
anddestroy_arf_reports
permissions.
Procedure
- In the Satellite web UI, navigate to Hosts > Compliance > Reports.
- In the Compliance Reports window, identify the policy that you want to delete and, on the right of the policy’s name, select Delete.
- Click OK.
11.6. Deleting multiple compliance reports
You can delete multiple compliance policies simultaneously. However, in the Satellite web UI, compliance policies are paginated, so you must delete one page of reports at a time. If you want to delete all OpenSCAP reports, use the script in Deleting OpenSCAP Reports in the API guide.
Prerequisites
-
Your user account has a role assigned that has the
view_arf_reports
anddestroy_arf_reports
permissions.
Procedure
- In the Satellite web UI, navigate to Hosts > Compliance > Reports.
- In the Compliance Reports window, select the compliance reports that you want to delete.
- In the upper right of the list, select Delete reports.
- Repeat these steps for as many pages as you want to delete.