How to can remote servers for security compliance on Foreman?

Problem: Unable to scan remote servers for security compliance

**Expected outcome:Ability to scan remote clients and get results on Foreman UI

Foreman and Proxy versions: Both 3.2.0 version

**Foreman and Proxy plugin versions:

  • foreman-tasks: 6.0.1
    foreman_ansible: 7.1.0
    foreman_openscap: 5.2.1
    foreman_puppet: 3.0.5
    foreman_remote_execution: 6.0.0*

**Distribution and version:CentOS Linux release 7.9.2009 (Core)

Other relevant data:
I just want to scan remote servers with resolvable hostnames on Foremab, but not provisioned using foreman.

Hi @shadebe
Did you have a look at our documentation on Managing Security Compliance and Running OpenSCAP Scans? I am unsure at which point you experience issues.

1 Like

Hi @maximilian

I had a look at you documentation and it has helped me to resolve some other issues. Can I scan a remote serve, for security compliance, that is not provisioned on foreman?

Yes, that should be possible too. You can register your host with Foreman and then follow the procedure to run OpenSCAP scans as documented.

Hi @maximillian,

There is progress made, all thanks to you. I have registered my remote host and was able to run few scans on it. The reports are documented and sent to the Reports of the remote host foreman GUI.

I have configured the remote host to use my primary foreman hots’s proxy. How can I achieve to have all the reports in the primary foreman host?

Thank you in advance

I am unsure what the exact issue is.

To my knowledge, you can view all openSCAP reports in the Foreman Web UI under Hosts > Reports, irrespective if they come via Foreman Server or any attached Smart Proxy.

Thank you so much.

Just wondering if it’s possible to push reports of the oscap command to the foreman server UI.

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard_customized --tailoring-file /home/shadebe/ssg-centos7-ds-tailoring.xml --results-arf /tmp/d20220510-62915-1qogkc/results.xml /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

e.g push the results.html file to the Foreman server UI and be able to create report from the results