OpenSCAP is an ecosystem that provides several tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines. It allows the use of different profiles aligned with different standards such as PCI-DSS.
The plugin aims to automatically upload the OpenSCAP audit results to the Rudder Server and, if you have the external-reports-plugin, to integrate these reports directly in the Rudder node webpage.
In order to use the technique provided and get reports from your nodes, you will need to create one or more directives from it, according to your requirements.
The technique comes with two parameters:
profile, which is the name of the profile you want to audit
scap_file, which is the absolute path (on the node) of the SCAP content on which the audit will be based
SCAP content refers to documents in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. You can find more information on the ComplianceAsCode GitHub project.
By default, the available scap_files are located in /usr/share/xml/scap/ssg/content/ once the OpenSCAP agent is installed on the nodes. The profiles available in a given scap_file can be listed with the command:
oscap info <scap_file>
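A pre-flight check for the two technique parameters, as an added example that is not part of the plugin or of Rudder: it reads the XCCDF Profile ids straight from the SCAP content, so it can run before the OpenSCAP agent is installed. It assumes the profile parameter is given as the profile id; the function names and the sample benchmark are constructed for the illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample input: a minimal XCCDF 1.2 benchmark with two profiles.
SAMPLE_XCCDF = """<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <Profile id="xccdf_org.example_profile_pci-dss"><title>PCI-DSS (constructed)</title></Profile>
  <Profile id="xccdf_org.example_profile_standard"><title>Standard (constructed)</title></Profile>
</Benchmark>
"""

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def list_profiles(scap_file):
    """Return {profile_id: title} for every XCCDF Profile element in the file."""
    profiles = {}
    for elem in ET.parse(scap_file).iter():
        # Matching on the local name covers plain XCCDF files and data streams alike.
        if local_name(elem.tag) == "Profile" and elem.get("id"):
            titles = [c.text or "" for c in elem if local_name(c.tag) == "title"]
            profiles[elem.get("id")] = titles[0].strip() if titles else ""
    return profiles

def check_parameters(profile, scap_file):
    """Validate the two technique parameters; return the profile title or raise ValueError."""
    if not os.path.isabs(scap_file):
        raise ValueError("scap_file must be an absolute path: %r" % scap_file)
    if not os.path.isfile(scap_file):
        raise ValueError("scap_file does not exist on this node: %r" % scap_file)
    known = list_profiles(scap_file)
    if profile not in known:
        raise ValueError("profile %r not in %s; available: %s"
                         % (profile, scap_file, ", ".join(sorted(known)) or "none"))
    return known[profile]

def write_sample():
    """Write the constructed sample to a temporary file and return its absolute path."""
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as handle:
        handle.write(SAMPLE_XCCDF)
    return handle.name

if __name__ == "__main__":
    path = write_sample()
    print(check_parameters("xccdf_org.example_profile_pci-dss", path))
    os.unlink(path)
```

A directive whose profile is not defined in its scap_file has nothing to audit, so running this check on a node before assigning the directive catches the mismatch early.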
The technique takes care of installing the OpenSCAP agent and, by default, triggers an audit every hour on your nodes. The report file is then uploaded to your Rudder Server under the folder:
With the Rudder plugin Node external reports, which allows adding external, static documents and reports in a new tab of the node details webpage, this plugin will display the reports directly in the web interface.
A compatible configuration file is distributed with the OpenSCAP-report plugin; you can find it in
The complete documentation of the Node-external-reports plugin is available here.