Rechercher
SupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 8. Managing compliance policies

download PDF

A compliance policy is a scheduled audit that checks the specified hosts for compliance against a specific XCCDF profile from a SCAP content.

You specify the schedule for scans on Satellite Server and the scans are performed on hosts. When a scan completes, a report in ARF format is generated and uploaded to Satellite Server. The compliance policy makes no changes to the scanned host.

A compliance policy defines a SCAP client configuration and a cron schedule. The policy is then deployed together with the SCAP client on hosts to which the policy is assigned.

8.1. Creating a compliance policy

By creating a compliance policy, you can define and plan your security compliance requirements, and ensure that your hosts remain compliant to your security policies.

Prerequisites

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Policies.
  2. Click New Policy or New Compliance Policy.
  3. Select the deployment method: Ansible, Puppet, or Manual. Then click Next.
  4. Enter a name for this policy, a description (optional), then click Next.

  5. Select the SCAP Content and XCCDF Profile to be applied, then click Next.

    Note that Satellite does not detect whether the selected XCCDF profile contains any rules. An empty XCCDF profile, such as the Default XCCDF Profile, will return empty reports.

  6. Optional: To customize the XCCDF profile, select a Tailoring File and a XCCDF Profile in Tailoring File, then click Next.

  7. Specify the scheduled time when the policy is to be applied. Select Weekly, Monthly, or Custom from the Period list. The Custom option allows for greater flexibility in the policy’s schedule.

    • If you select Weekly, also select the desired day of the week from the Weekday list.
    • If you select Monthly, also specify the desired day of the month in the Day of month field.
    • If you select Custom, enter a valid Cron expression in the Cron line field.
  8. Select the locations to which to apply the policy, then click Next.
  9. Select the organizations to which to apply the policy, then click Next.
  10. Optional: Select the host groups to which to assign the policy.
  11. Click Submit.

8.2. Viewing a compliance policy

You can preview the rules which will be applied by specific OpenSCAP content and profile combination. This is useful when you plan policies.

Prerequisites

  • Your user account has a role assigned that has the view_policies permission.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Policies.
  2. In the Actions column of the required policy, click Show Guide or select it from the list.

8.3. Editing a compliance policy

In the Satellite web UI, you can edit compliance policies.

Puppet agent applies an edited policy to the host on the next run. By default, this occurs every 30 minutes. If you use Ansible, you must run the Ansible role manually again or have configured a recurring remote execution job that runs the Ansible role on hosts.

Prerequisites

  • Your user account has a role assigned that has the view_policies and edit_policies permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Policies.
  2. Click the name of the required policy.
  3. Edit the necessary attributes.
  4. Click Submit.

8.4. Deleting a compliance policy

In the Satellite web UI, you can delete existing compliance policies.

Prerequisites

  • Your user account has a role assigned that has the view_policies and destroy_policies permissions.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Compliance > Policies.
  2. In the Actions column of the required policy, select Delete from the list.
  3. Click OK in the confirmation message.
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.