OpenSCAP

OpenSCAP is an ecosystem that provides several tools to assist admnistrators and auditors with assessment, measurement, and enforcement of security baselines. It allows the use of different profiles aligned with different standards such as PCI-DSS.

The plugin aims to upload automatically the openSCAP auditing results to the Rudder Server, and, if you have the external-reports-plugin, to integrate these reports directly in the Rudder node webpage.

Installation

As most of the Rudder plugins, you must install the plugin with the rudder-pkg tool on your Server Rudder.

/opt/rudder/bin/rudder-pkg install-file <path to the rpkg>

This will add one Rudder technique to your Rudder Server.

Usage

In order to use the technique provided and get reports from your nodes, you will need to decline it in different directives following your requirements.

The technique comes with two parameters:

  • profile which is the profile name you want to audit

  • scap_file which is the absolute path (on the node) of the SCAP content from which you will base the audit on

SCAP content refers to document in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. You can find more informations on the ComplianceAsCode GitHub project.

By default, available scap_files are located on /usr/share/xml/scap/ssg/content/ after install of the openSCAP agent on the nodes. Given profiles for specific scap_files can be obtain with the command:

oscap info <scap_file>

The technique will take care of the openSCAP agent installation and will by default, trigger an audit every hour on your nodes. The reporting file will then be uploaded on your Rudder Server under the folder:

/var/rudder/shared-files/root/files/<node-id>/openscap_report.html

Rudder Webapp integration

With the Rudder plugin Node external reports which allows to add external, static documents and reports in a new tab in the node details webpage, this plugin will display the reports directly in the web interface. A compatible configuration file is distributed with the OpenSCAP-report plugin, you can find it in /var/rudder/packages/rudder-plugin-openscap-report/node-external-reports.properties

The complete documentation of the Node-external-reports plugin is available here.


← GLPI User management →