OpenSCAP
OpenSCAP is an ecosystem that provides several tools to assist admnistrators and auditors with assessment, measurement, and enforcement of security baselines. It allows the use of different profiles aligned with different standards such as PCI-DSS.
The plugin aims to upload automatically the openSCAP auditing results to the Rudder Server, and, if you have the external-reports-plugin
, to integrate these reports directly in the Rudder node webpage.
Usage
In order to use the technique provided and get reports from your nodes, you will need to decline it in different directives following your requirements.
The technique comes with two parameters:
-
profile
which is the profile name you want to audit -
scap_file
which is the absolute path (on the node) of the SCAP content from which you will base the audit on
SCAP content refers to document in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. You can find more informations on the ComplianceAsCode GitHub project.
By default, available scap_files
are located on /usr/share/xml/scap/ssg/content/
after install of the openSCAP agent on the nodes. Given profiles for specific scap_files can be obtain with the command:
oscap info <scap_file>
The technique will take care of the openSCAP agent installation and will by default, trigger an audit every hour on your nodes. The reporting file will then be uploaded on your Rudder Server under the folder:
/var/rudder/shared-files/root/files/<node-id>/openscap_report.html
Rudder Webapp integration
With the Rudder plugin Node external reports
which allows to add external, static documents and reports in a new tab in the node details
webpage, this plugin will display the reports directly in the web interface.
A compatible configuration file is distributed with the OpenSCAP-report
plugin, you can find it in /var/rudder/packages/rudder-plugin-openscap-report/node-external-reports.properties
The complete documentation of the Node-external-reports
plugin is available here.
← Notification Scale out relay servers →