Project

General

Profile

Actions

Feature #20563

open

Integrate OpenSCAP into the provisioning process

Added by Ondřej Pražák over 6 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Proposed title of this feature request

[RFE] Integrate OpenSCAP into the provisioning process

Why does the user need this?

To get a baseline Compliance report for a system at build time. When a system is newly built, you want to verify immediately following the build that it meets your criteria. Especially if the normal compliance check schedule is monthly or quarterly (or more), you don't want to wait for weeks or months to find out your system is out of compliance.

How would the user like to achieve this? (List the functional requirements here)

One possible way to do this would be to extend foreman_scap_client to actually use its own yaml file and have a CLI option to "run all profiles." For example:

/usr/bin/foreman_scap_client --run-all

For each functional requirement listed, specify how the user can test to confirm the requirement is successfully implemented.

By provision a client with OpenScap configured and check if we get OpenScap report on the Foreman once the machine is built.

Actions #1

Updated by Ondřej Pražák over 6 years ago

  • Subject changed from Integrate OpenSCAP into the provisioning process to Integrate OpenSCAP into the provisioning process
  • Target version set to 115
Actions

Also available in: Atom PDF