How to can remote servers for security compliance on Foreman?

Support
#1

Problem: Unable to scan remote servers for security compliance

**Expected outcome:Ability to scan remote clients and get results on Foreman UI

Foreman and Proxy versions: Both 3.2.0 version

**Foreman and Proxy plugin versions:

  • foreman-tasks: 6.0.1
    foreman_ansible: 7.1.0
    foreman_openscap: 5.2.1
    foreman_puppet: 3.0.5
    foreman_remote_execution: 6.0.0*

**Distribution and version:CentOS Linux release 7.9.2009 (Core)

Other relevant data:
I just want to scan remote servers with resolvable hostnames on Foremab, but not provisioned using foreman.

#2

Hi @shadebe
Did you have a look at our documentation on Managing Security Compliance and Running OpenSCAP Scans? I am unsure at which point you experience issues.

1 Like
#3

Hi @maximilian

I had a look at you documentation and it has helped me to resolve some other issues. Can I scan a remote serve, for security compliance, that is not provisioned on foreman?

#4

Yes, that should be possible too. You can register your host with Foreman and then follow the procedure to run OpenSCAP scans as documented.

#5

Hi @maximillian,

There is progress made, all thanks to you. I have registered my remote host and was able to run few scans on it. The reports are documented and sent to the Reports of the remote host foreman GUI.

I have configured the remote host to use my primary foreman hots’s proxy. How can I achieve to have all the reports in the primary foreman host?

Thank you in advance

#6

I am unsure what the exact issue is.

To my knowledge, you can view all openSCAP reports in the Foreman Web UI under Hosts > Reports, irrespective if they come via Foreman Server or any attached Smart Proxy.

#7

Thank you so much.

Just wondering if it’s possible to push reports of the oscap command to the foreman server UI.

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard_customized --tailoring-file /home/shadebe/ssg-centos7-ds-tailoring.xml --results-arf /tmp/d20220510-62915-1qogkc/results.xml /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

e.g push the results.html file to the Foreman server UI and be able to create report from the results