5.2. Installation

Procedure 5.1. Installing OpenSCAP Packages

1. On the Satellite Server, install the OpenSCAP plug-in and content.

   1. # satellite-installer --enable-foreman-plugin-openscap

      Copy to Clipboard Toggle word wrap
      Successful installation is indicated by a progress indicator, and the word Success!. The OpenSCAP plugin adds to the Satellite web UI a Compliance section, under the Hosts menu, containing the following pages:

      • Policies
      • SCAP Contents
      • Reports

   2. # yum install puppet-foreman_scap_client

      Copy to Clipboard Toggle word wrap
2. On all external Capsule Servers, install the OpenSCAP plug-in and content.

   Note

   If OpenSCAP functionality is to be enabled on a Capsule Server, Puppet must already have been enabled on that server.

   # satellite-installer --enable-foreman-proxy-plugin-openscap

   Copy to Clipboard Toggle word wrap
   Successful installation is indicated by a progress indicator, and the word Success!. This provides the Puppet classes required to set up hosts to perform OpenSCAP scans and creates the Cron jobs for automated compliance scanning.
3. On external Capsule Servers with the Puppet master role, install the OpenSCAP client.

   # yum install puppet-foreman_scap_client

   Copy to Clipboard Toggle word wrap
   To identify the relevant external Capsule Servers, open the Satellite web UI, navigate to Infrastructure Capsules and identify those external Capsule Servers with Puppet listed in the Features column.

Procedure 5.2. Load the Default OpenSCAP Content

• Load the OpenSCAP content on the Satellite Server.

  # foreman-rake foreman_openscap:bulk_upload:default

  Copy to Clipboard Toggle word wrap

Procedure 5.3. Import OpenSCAP Puppet Modules

1. OpenSCAP requires a Puppet environment, but by default they are only created for Content Views which contain Puppet modules. To list available Puppet environments, open the Satellite web UI and navigate to Configure Environments.
   If there are no Puppet environments, open a CLI session on the Satellite Server and create a directory for the production Puppet environment.

   # mkdir -p /etc/puppet/environments/production/modules

   Copy to Clipboard Toggle word wrap
2. Import the OpenSCAP content into selected Puppet environments. Each host which is to be audited with OpenSCAP must be associated with a Puppet environment.
   1. In the Satellite web UI, select from the context menu Any Organization and Any Location.
   2. Navigate to Configure Environments.
   3. Click Import, then Import from satellite.example.com.
   4. For each Puppet environment associated with hosts to be audited using OpenSCAP, select the check box, then click Update. If no other Puppet environment exists, select the production environment.
      The foreman_scap_client Puppet module, amongst others, will be added to the selected environments.
   5. Verify that the foreman_scap_client Puppet module has been added.
      Navigate to Configure Environments, then click Classes in the Puppet environment's row. The procedure has been successful if the foreman_scap_client Puppet class is listed.

Procedure 5.4. Upload Extra SCAP Content

1. Log in to the Satellite web UI.
2. Navigate to Hosts SCAP contents and click Upload New SCAP Content.
3. Enter a title in the Title text box. For example: RHEL 7.2 SCAP Content.
4. Click Choose file, navigate to the location containing the SCAP content file and select Open.
5. Click Submit.