Chapter 3. Creating and managing remediation playbooks in Insights


The workflow to create playbooks is similar in each of the services in Insights for Red Hat Enterprise Linux. In general, you will fix one or more issues on a system or group of systems.

Playbooks focus on issues identified by Insights services. A recommended practice for playbooks is to include systems of the same RHEL major/minor versions because the resolutions will be compatible.

3.1. Creating a playbook to remediate a CVE vulnerability on RHEL systems

Create a remediation playbook in the Red Hat Insights vulnerability service. The workflow to create a playbook is similar for other services in Insights for Red Hat Enterprise Linux.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.
Note

No enhanced User Access permissions are required to create remediation playbooks.

Procedure

  1. Navigate to the Security > Vulnerability > CVEs page.
  2. Set filters as needed and click on a CVE.
  3. Scroll down to view affected systems.
  4. Select systems to include in a remediation playbook by clicking the box to the left of the system ID.

    Note

    Include systems of the same RHEL major/minor version, which you can do by filtering the list of affected systems.

  5. Click the Remediate button.
  6. Select whether to add the remediations to an existing or new playbook and take the following action:

    1. Click Add to existing playbook and select the desired playbook from the dropdown list, OR
    2. Click Create new playbook and add a playbook name.
    3. Click Next.
  7. Review the systems to include in the playbook, then click Next.
  8. Review the information in the Remediation review summary.

    1. By default, autoreboot is enabled. You can disable this option by clicking Turn off autoreboot.
    2. Click Submit.

Verification step

  1. Navigate to Automation Toolkit > Remediations.
  2. Search for your playbook. You should see your playbook.

3.1.1. Creating playbooks to remediate CVEs with security rules when recommended and alternate resolution options exist

Most CVEs in Red Hat Insights for RHEL will have one remediation option for you to use to resolve an issue. Remediating a CVE with security rules might include more than one resolution: a recommended resolution and one or more alternate resolutions. The workflow to create playbooks for CVEs that have one or more resolution options is similar to the remediation steps in the advisor service.

For more information about security rules, see Security rules, and Filtering lists of systems exposed to security rules in Assessing and Monitoring Security Vulnerabilities on RHEL Systems.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.
Note

You do not need enhanced User Access permissions to create remediation playbooks.

Procedure

  1. Navigate to Security > Vulnerability > CVEs.
  2. Set filters if needed (for example, filter to see CVEs with security rules to focus on issues that have elevated risk associated with them). Or, click the CVEs with security rules tile on the dashbar. Both options show in the example image.

    a dashbar with two different ways to search or filter CVEs with security rules

  3. Click a CVE in the list.
  4. Scroll to view affected systems, and select systems you want to include in a remediation playbook by clicking the box to the left of the system ID on the Review systems page. (Selecting one or more systems activates the Remediate button.)

    Note

    Recommended: Include systems of the same RHEL major or minor version by filtering the list of affected systems.

  5. Click Remediate.
  6. Decide whether to add the remediations to an existing or new playbook by taking one of the following actions:

    • Choose Add to existing playbook and select the desired playbook from the dropdown list, OR
    • Choose Create new playbook, and add a playbook name. For this example, HCCDOC-392.
  7. Click Next. A list of systems shows on the screen.
  8. Review the systems to include in the playbook (deselect any systems that you do not want to include).
  9. Click Next to see the Review and edit actions page, which shows you options to remediate the CVE. The number of items to remediate can vary. You will also see additional information (that you can expand and collapse) about the CVE, such as:

    • Action: Shows the CVE ID.
    • Resolution: Displays the recommended resolution for the CVE. Shows if you have alternate resolution options.
    • Reboot required: Shows whether you must reboot your systems.
    • Systems: Shows the number of systems you are remediating.
  10. On the Review and edit actions page, choose one of two options to finish creating your playbook:

    • Option 1: To review all of the recommended and alternative remediation options available (and choose one of those options):

      1. Select Review and/or change the resolution steps for this 1 action or similar based on your actual options.

        selection of review and/or change the resolution steps for this 1 action option

      2. Click Next.
      3. On the Choose action: <CVE information> page, click a tile to select your preferred remediation option. The bottom edge of the tile highlights when you select it. The recommended solution is highlighted by default.

        one of two tiles showing recommended and alternate remediation options

      4. Click Next.

    • Option 2: To accept all recommended remediations:

      • Choose Accept all recommended resolutions steps for all actions.

        selected option to accept all recommended resolution steps

  11. Review information about your selections and change options for autoreboot of systems on the Remediations review page. The page shows you the:

    • Issues you are adding to your playbook.
    • Options for changing system autoreboot requirements.
    • Summary about CVEs and resolution options to fix them.

    summary of remediation actions

  12. Optional. Change autoreboot options on the Remediation review page, if needed. (Autoreboot is enabled by default, but your settings might vary based on your remediation options.)
  13. Click Submit. A notification displays that shows the number of remediation actions added to your playbook, and other information about your playbook.

Verification step

  1. Navigate to Automation Toolkit > Remediations.
  2. Search for your playbook.
  3. To run (execute) your playbook, see Executing remediation playbooks from Insights for Red Hat Enterprise Linux.

3.2. Managing remediation playbooks in Insights for Red Hat Enterprise Linux

You can download, archive, and delete existing remediation playbooks for your organization. The following procedures describe how to perform common playbook-management tasks.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.
Note

No enhanced permissions are required to view, edit, or download information about existing playbooks.

3.2.1. Downloading a remediation playbook

Use the following procedure to download a remediation playbook from the Insights for Red Hat Enterprise Linux application.

Procedure

  1. Navigate to Automation Toolkit > Remediations.
  2. Locate the playbook you want to manage and click on the name of the playbook. The playbook details are visible.
  3. Click the Download playbook button to download the playbook YAML file to your local drive.

3.2.2. Archiving a remediation playbook

You can archive a remediation playbook that is no longer needed but whose details you want to preserve.

Procedure

  1. Navigate to Automation Toolkit > Remediations.
  2. Locate the playbook you want to archive.
  3. Click on the options icon (⋮) and select Archive playbook. The playbook is archived.

3.2.3. Viewing archived remediation playbooks

You can view archived remediation playbooks in Insights for Red Hat Enterprise Linux.

Procedure

  1. Navigate to Automation Toolkit > Remediations.
  2. Click the More options icon that is to the right of the Download playbook button and select Show archived playbooks.

3.2.4. Deleting a remediation playbook

You can delete a playbook that is no longer needed.

Procedure

  1. Navigate to Automation Toolkit > Remediations.
  2. Locate and click on the name of the playbook you want to delete.
  3. On the playbook details page, click the More options icon and select Delete.

3.2.5. Monitoring remediation status

You can view the remediation status for each playbook that you execute from the Insights for Red Hat Enterprise Linux remediations service. The status information tells you the results of the latest activity and provides a summary of all activity for playbook execution. You can also view log information for playbook execution.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

Procedure

  1. Navigate to Automation Toolkit > Remediations. The page displays a list of remediation playbooks.
  2. Click on the name of a playbook.
  3. From the Actions tab, click any item in the Status column to view a pop-up box with the status of the resolution.

To monitor the status of a playbook in the Satellite web UI, see Monitoring Remote Jobs in the Red Hat Satellite Managing Hosts guide.

© 2024 Red Hat, Inc.