Hello everyone,
I have installed the OpenSCAP plugin for an existing Foreman 1.15 and am trying to
get the compliance report for a server, but am facing a few issues during this
process.
I am having trouble assigning a policy to a host; it's not loading to select the
existing policy.
So I have tried from the command line by running /usr/bin/foreman_scap_client 1.
Below is the config file /etc/foreman_scap_client/config.yaml:

# DO NOT EDIT THIS FILE MANUALLY
# IT IS MANAGED BY PUPPET

# Foreman proxy to which reports should be uploaded
:server: 'foremanproxy.example.com'
:port: 8443

# SSL specific options
# Client CA file.
# It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
# Or (recommended for client reporting to Katello) subscription manager CA
# file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
:ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
# Client host certificate.
# It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer certificate
# (e.g., '/etc/pki/consumer/cert.pem')
:host_certificate: '/etc/puppetlabs/puppet/ssl/certs/localhost.example.com.pem'
# Client private key
# It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer private key
# (e.g., '/etc/pki/consumer/key.pem')
:host_private_key: '/etc/puppetlabs/puppet/ssl/private_keys/localhost.example.com.pem'

# policy (key is id as in Foreman)
1:
  :profile: ''
  :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'
  # Download path
  # A path to download SCAP content from proxy
  :download_path: '/compliance/policies/1/content'
  :tailoring_path: ''
  :tailoring_download_path: ''

root localhost [~] # /usr/bin/foreman_scap_client 1
DEBUG: running: oscap xccdf eval --results-arf /tmp/d20170615-1073-zzt674/results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
WARNING: Skipping http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml file which is referenced from XCCDF content
DEBUG: running: /usr/bin/bzip2 /tmp/d20170615-1073-zzt674/results.xml
Uploading results to https://foreman.example.com:8443/compliance/arf/1

At https://foreman.example.com:8443/compliance/arf/1 it throws the message
"No client SSL certificate supplied".
Below are logs from foreman-proxy server
/var/log/foreman-proxy/proxy.log
Can anyone please help me with this?
Thank you
Sai Krishna