It would be really useful if you could add the ability to choose a lower than 100% compliance. We use 95% as there are always some exceptions and differences, e.g. Oracle does not like the nodev mount option being set on /tmp, and some servers such as Foreman require an HTTP server.
It would also help if you could add a field/column that shows the compliance percentage as this is the most important thing for our auditors.
I would also like to see the ability to download this screen as a PDF report.
The following screen would also be really useful if we could download it.
would be the addition of a counter showing the number of hosts failing a particular test as the only way I can find is to use the query option for all 120+ tests:
The only way to properly get 100% is to use tailoring files and create different policies depending on what kind of setup the machines have. For example, I need to have one for machines running Docker, since that requires certain configurations that break some of the default policy rules.
This is precisely what I need along with the adjustable threshold. Another way to think about this is in terms of roles such as production or database, and the policies could be adjusted according to the role.
The other real big addition is more PDF or CSV reporting so the results can be exported for presentation to auditors and management.
My point is that tailoring files can be uploaded and used with SCAP in Foreman to create custom policies, so if you need it, it is already there to be used.
I already use tailoring files but the limitation is that if I want to tailor CIS Level 1 I can only do it once for this policy and have to run the Ansible roles on every client in order to update them. This takes a lot of time. What I would like is the ability to tailor my global policy, e.g. I’m not bothered about having Samba shares, and then have special tailoring for Docker or Database systems. With a role tag this would become easier to use and to administer.
I first want to say I really appreciate all your efforts and wish I had programming skills and could help more.
Another killer feature for me would be if you could download the Satellite SCAP reports as PDF files as well as being able to view them in the browser. If I could download all the reports they could be used as evidence for my security auditors.