Guided Exercise: Scanning and Analyzing Compliance

Scan one of your servers for compliance with the OSPP profile for Red Hat Enterprise Linux 9, which is provided with the SCAP Security Guide's content.

Outcomes

  • Scan a system with the DISA STIG for Red Hat Enterprise Linux 9 profile.

  • Review and interpret the results.

As the student user on the workstation machine, use the lab command to prepare your environment for this exercise, and to ensure that all required resources are available.

[student@workstation ~]$ lab start openscap-scanning

Instructions

  1. On the serverc machine, retrieve the identifier of the DISA STIG for Red Hat Enterprise Linux 9 profile and scan the system for compliance with that profile.

    1. Log in to the serverc machine as the student user. No password is required.

      [student@workstation ~]$ ssh student@serverc
      [student@serverc ~]$
    2. Use the sudo -i command to switch identity to the root user. Use student as the password.

      [student@serverc ~]$ sudo -i
      [sudo] password for student: student
      [root@serverc ~]#
    3. Use the oscap info command to retrieve the identifier of the DISA STIG for Red Hat Enterprise Linux 9 profile.

      [root@serverc ~]# oscap info /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
      ...output omitted...
      			Title: [DRAFT] Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
      				Id: xccdf_org.ssgproject.content_profile_cui
      			Title: Australian Cyber Security Centre (ACSC) Essential Eight
      				Id: xccdf_org.ssgproject.content_profile_e8
      			Title: Health Insurance Portability and Accountability Act (HIPAA)
      				Id: xccdf_org.ssgproject.content_profile_hipaa
      			Title: Australian Cyber Security Centre (ACSC) ISM Official
      				Id: xccdf_org.ssgproject.content_profile_ism_o
      			Title: Protection Profile for General Purpose Operating Systems
      				Id: xccdf_org.ssgproject.content_profile_ospp
      			Title: PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 9
      				Id: xccdf_org.ssgproject.content_profile_pci-dss
      			Title: [DRAFT] DISA STIG for Red Hat Enterprise Linux 9
      				Id: xccdf_org.ssgproject.content_profile_stig
      			Title: [DRAFT] DISA STIG with GUI for Red Hat Enterprise Linux 9
      				Id: xccdf_org.ssgproject.content_profile_stig_gui
      ...output omitted...
    4. Scan the system for compliance with the DISA STIG for Red Hat Enterprise Linux 9 profile. Save the result in the /root/results.xml file.

      [root@serverc ~]# oscap xccdf eval \
          --profile xccdf_org.ssgproject.content_profile_stig \
          --results /root/results.xml \
          /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
      --- Starting Evaluation ---
      
      Title   Install AIDE
      Rule    xccdf_org.ssgproject.content_rule_package_aide_installed
      Ident   CCE-90843-4
      Result  fail
      
      Title   Configure AIDE to Verify the Audit Tools
      Rule    xccdf_org.ssgproject.content_rule_aide_check_audit_tools
      Ident   CCE-87757-1
      Result  fail
      
      Title   Configure Periodic Execution of AIDE
      Rule    xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking
      Ident   CCE-83437-4
      Result  fail
      
      Title   Configure Notification of Post-AIDE Scan Details
      Rule    xccdf_org.ssgproject.content_rule_aide_scan_notification
      Ident   CCE-90844-2
      Result  fail
      
      ...output omitted...
  2. When the scan is complete, generate an HTML report for your scan of the serverc machine and copy it to the workstation machine.

    1. Convert the /root/results.xml file to HTML. Write the HTML report to the /root/results.html file.

      [root@serverc ~]# oscap xccdf generate report results.xml > results.html
    2. Use the scp command to copy the results.html file to the workstation machine so that you can use the Firefox web browser to display the report. Use student as the password.

      [root@serverc ~]# scp results.html student@workstation:
      The authenticity of host 'workstation (172.25.250.9)' can't be established.
      ED25519 key fingerprint is SHA256:4JZy3aivfX4NsDAE8rKOYCEp8A38DrCbXrp65yl6DK4.
      This key is not known by any other names
      Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
      Warning: Permanently added 'workstation' (ED25519) to the list of known hosts.
      student@workstation's password: student
      results.html                                     100% 7669KB 214.8MB/s   00:00
    3. Return to the workstation machine.

      [root@serverc ~]# logout
      [student@serverc ~]$ logout
      [student@workstation ~]$
  3. On the workstation machine, use Firefox to review the scan report.

    1. Use Firefox to display the results.html file.

      [student@workstation ~]$ firefox results.html
    2. Browse through the page and view the following:

      • The number of passed and failed rules

      • The severity of the failed rules

      • The pass result of the Ensure gpgcheck Enabled for All dnf Package Repositories rule

      • The fail result of the Ensure gpgcheck Enabled for Local Packages rule

      Close Firefox when you are done exploring the scan results, but keep the results.html file so that you can refer to it later.
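The review in step 3 (how many rules passed or failed, the severity of the failures, and the verdict for a named rule) can also be taken straight from the results.xml file without a browser. The following Python script is an added example and is not part of this exercise or of the SCAP Security Guide; it walks the XCCDF 1.2 rule-result elements of a constructed sample document built to look like an oscap results file. The four AIDE rule identifiers and CCEs are the ones shown in the scan output above; the gpgcheck rule identifiers, all severities, and the notapplicable placeholder rule are assumptions made for the sample.

```python
"""Summarize an XCCDF results file (as written by `oscap xccdf eval --results`)
the way a reader skims the HTML report: rules passed/failed, failures by
severity, and the verdict for one named rule.  Added example, not course code."""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"


def _q(tag):
    """Qualify an XCCDF element name with the XCCDF 1.2 namespace."""
    return f"{{{XCCDF_NS}}}{tag}"


# Constructed sample, not output of a real scan: a minimal TestResult holding
# the four AIDE rules that failed in the exercise, two gpgcheck rules (ids and
# severities assumed), and one placeholder rule that was not applicable.
SAMPLE_RESULTS = """
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.ssgproject.content_benchmark_RHEL-9">
  <TestResult id="xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_stig">
    <profile idref="xccdf_org.ssgproject.content_profile_stig"/>
    <rule-result idref="xccdf_org.ssgproject.content_rule_package_aide_installed" severity="medium">
      <result>fail</result>
      <ident system="https://ncp.nist.gov/cce">CCE-90843-4</ident>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_aide_check_audit_tools" severity="medium">
      <result>fail</result>
      <ident system="https://ncp.nist.gov/cce">CCE-87757-1</ident>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" severity="medium">
      <result>fail</result>
      <ident system="https://ncp.nist.gov/cce">CCE-83437-4</ident>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_aide_scan_notification" severity="medium">
      <result>fail</result>
      <ident system="https://ncp.nist.gov/cce">CCE-90844-2</ident>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" severity="high">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" severity="high">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_placeholder_notapplicable" severity="low">
      <result>notapplicable</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""


def summarize(xml_text):
    """Return (result_counts, failures_by_severity, results_by_rule).

    iter() descends the whole tree, so this works whether the results file is
    a bare Benchmark or a data stream with the XCCDF component embedded.
    """
    root = ET.fromstring(xml_text)
    result_counts = Counter()          # pass / fail / notapplicable / ...
    failures_by_severity = Counter()   # only counted for verdict == fail
    results_by_rule = {}               # rule id -> verdict
    for rr in root.iter(_q("rule-result")):
        rule_id = rr.get("idref", "unknown")
        verdict = (rr.findtext(_q("result")) or "unknown").strip()
        results_by_rule[rule_id] = verdict
        result_counts[verdict] += 1
        if verdict == "fail":
            failures_by_severity[rr.get("severity", "unknown")] += 1
    return result_counts, failures_by_severity, results_by_rule


def scored_totals(result_counts):
    """(passed, failed) over scored verdicts only; notapplicable, notchecked,
    notselected and informational rules are neither a pass nor a fail."""
    return result_counts["pass"], result_counts["fail"]


def summarize_file(path):
    """Summarize a real results file such as /root/results.xml."""
    with open(path, encoding="utf-8") as fh:
        return summarize(fh.read())


def main(argv):
    counts, by_sev, by_rule = summarize_file(argv[1]) if len(argv) > 1 else summarize(SAMPLE_RESULTS)
    passed, failed = scored_totals(counts)
    print(f"passed: {passed}  failed: {failed}  other: {sum(counts.values()) - passed - failed}")
    for sev, n in sorted(by_sev.items()):
        print(f"  failed {sev:<8} {n}")
    for rule_id, verdict in by_rule.items():
        if verdict == "fail":
            print(f"  FAIL {rule_id}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no argument to see the summary of the embedded sample, or pass the path of a results file produced by `oscap xccdf eval --results` to summarize a real scan. Scoring only pass and fail verdicts matters: the SCAP Security Guide marks many rules notapplicable or notselected on a given host, and counting them as failures would inflate the numbers that the HTML report shows.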

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish openscap-scanning

Revision: rh415-9.2-a821299