OpenSCAP reports are all empty

Trey_Dockendorf · May 8, 2018, 2:15pm

Problem:

All reports uploaded to Foreman for OpenSCAP are empty. This is the payload getting sent by the smart proxy. I’m using default content and profile. Content is “Red Hat rhel7 default content” from ssg-rhel7-ds.xml and profile is “Standard System Security Profile”. I’ve tried other profiles and still get the same result.

{“logs”:[],“digest”:“db8d80bf97d2168953abd2384b97317ce16b504f765dd730bcac56a8ecd71544”,“metrics”:{“passed”:0,“failed”:0,“othered”:0}}

I took one of the reports generated by a client and it generates the above payload.

cp /var/lib/foreman-proxy/openscap/reports/arf/puppet-test.DOMAIN/7020/1525787497/888c8a72f62cebdf0392a8553bd4e59045d78c0c7cd805b9090dae6ff8a35869 /tmp/in.bzip2
bzip2 -d /tmp/in.bzip2
smart-proxy-arf-json /tmp/in.bzip2.out /tmp/out
cat /tmp/out
{“logs”:[],“digest”:“db8d80bf97d2168953abd2384b97317ce16b504f765dd730bcac56a8ecd71544”,“metrics”:{“passed”:0,“failed”:0,“othered”:0}}

I’ve attached the report that is generated.

scap-report.xml.gz (1.2 MB)

Expected outcome:

I’d expect the default SCAP content to produce a meaningful report.

Foreman and Proxy versions:

foreman-1.15.6-1.el7.noarch
foreman-proxy-1.15.6-1.el7.noarch

Foreman and Proxy plugin versions:

rubygem-foreman_scap_client-0.3.0-1.el7.noarch
tfm-rubygem-foreman_openscap-0.7.13-1.fm1_15.el7.noarch
rubygem-smart_proxy_openscap-0.6.8-1.el7.noarch

Other relevant data:

Proxy logs

D, [2018-05-08T09:51:37.274445 ] DEBUG – : Executing: smart-proxy-arf-json /var/tmp/78528825-6279-4cab-a67a-811ce67428f8-puppet-DOMAIN-1-1525787497-20180508-69475-jeovjp /var/tmp/78528825-6279-4cab-a67a-811ce67428f8-puppet-test.DOMAIN-1-1525787497-json-20180508-69475-1nmy1fz
D, [2018-05-08T09:51:38.760468 ] DEBUG – : File /var/lib/foreman-proxy/openscap/reports/arf/puppet-test.ten.osc.edu/7020/1525787497/888c8a72f62cebdf0392a8553bd4e59045d78c0c7cd805b9090dae6ff8a35869 stored in reports dir.
I, [2018-05-08T09:51:38.761002 ] INFO – : 10.20.0.26 - - [08/May/2018:09:51:38 -0400] “POST /compliance/arf/1 HTTP/1.1” 200 - 1.4881

Foreman logs

2018-05-08 09:51:38 c47fb68e [app] [I] Started POST “/api/v2/compliance/arf_reports/puppet-test.DOMAIN/1/1525787497” for 10.20.0.20 at 2018-05-08 09:51:38 -0400
2018-05-08 09:51:38 c47fb68e [app] [I] Processing by Api::V2::Compliance::ArfReportsController#create as HTML
2018-05-08 09:51:38 c47fb68e [app] [I] Parameters: {“logs”=>[], “digest”=>“888c8a72f62cebdf0392a8553bd4e59045d78c0c7cd805b9090dae6ff8a35869”, “metrics”=>{“passed”=>0, “failed”=>0, “othered”=>0}, “apiv”=>"v2", “cname”=>“puppet-test.DOMAIN”, “policy_id”=>“1”, “date”=>“1525787497”, “arf_report”=>{“logs”=>[], “digest”=>“888c8a72f62cebdf0392a8553bd4e59045d78c0c7cd805b9090dae6ff8a35869”, “metrics”=>{“passed” =>0, “failed”=>0, “othered”=>0}}}

Trey_Dockendorf · May 8, 2018, 3:10pm

Solved my problem. I didn’t realize the profile changes actually had to be written to /etc/foreman_scap_client/config.yaml via Puppet. Once I ran Puppet after setting a profile the reports actually produced results.