Openscap failed in the scan

Support
1

hello everyone
I have a problem I was trying to scan my client-server with openscap plugin in the foreman but I get failed without any results.

I use :
Ansible Version : 3.0.1
Dynflow Version :0.2.4
HTTPBoot Version :1 .24.2
Openscap Version :0.7.2

when I go to services in foreman
I get Spool errors: None found
"Proxy failed to send a report from spool to Foreman. This indicates a corrupted report format Report has been moved to directory for storing corrupted files on proxy for later inspection. "

could you help me, please?

2

Hi,
by ‘failed without any results’, do you mean that the report gets generated without any evaluated results, like the following:

no-rules
no-rules1543×68 12.9 KB

or the reports are not created at all? I see that you have no errors in spool, at least we know there is no detected problem when sending reports from spool to foreman.

3

Thank you sir for your prompt response

screenshot_20200330_141156
screenshot_20200330_1411561920×915 94.8 KB

screenshot_20200330_141116
screenshot_20200330_141116959×902 56.5 KB

really I don’t know where is the problem yet
I was run the configuration below:

:enabled: true

Log file for the forwarding script. :openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log vi /etc/foreman-proxy/settings.d/openscap.yml

4

Thank you for the screenshots, it seems like remote execution fails for some reason. I see on the first screenshot that ‘Preview templates’ tab header is red, which usually means there is a problem with a job template for this remote execution. You should get more details when switching to ‘Preview templates’ tab.

You can also try clicking the host name in the table below, which should show output of the executed command for given host.

6

I am sorry I didn’t give you more the screenshots, this time I have more screenshots for the problem

Annotation 2020-04-03 014238
Annotation 2020-04-03 014238901×395 42.8 KB
Annotation 2020-04-03 015445
Annotation 2020-04-03 0154451423×777 175 KB

and I tried to run some policies but i did’t found in reports (ARF)
also i get this problem when i add openscap-foreman-client to the class
Annotation 2020-04-04 232845
Annotation 2020-04-04 2328451881×272 103 KB

7

Ok, I see 2 problems:

On the first screenshot, job template fails to render because you do not have policy assigned to host you are trying to scan. To resolve that, you need to assign a policy to the host.

The second problem is that your client does not have access to the scap client package, which is why the Puppet run fails. The package is in our client repo, you can also instruct the Puppet module to configure the repo for you, setting foreman_repo_rel param to appropriate Foreman release version should be enough to achieve that.