Guided Exercise: Configuring Red Hat Satellite for OpenSCAP

Configure an existing Red Hat Satellite Server to perform OpenSCAP scans.

Outcomes

  • Configure an existing Satellite Server to import Ansible roles and variables.

  • Push OpenSCAP content to the registered host and perform OpenSCAP scans.

As the student user on the workstation machine, use the lab command to prepare your environment for this exercise, and to ensure that all required resources are available.

[student@workstation ~]$ lab start compliance-configuring

Instructions

  1. On the workstation machine, open a web browser and navigate to https://satellite.lab.example.com. Log in as the admin user with redhat as the password.

  2. Verify that a host group named org-hostgroup1 exists in the Operations organization.

    1. Set Satellite Server to use the Operations organization. Navigate to Default Organization and select Operations.

    2. Navigate to Configure → Host groups. Verify that the org-hostgroup1 host group exists.

    3. Click the org-hostgroup1 link to open the group for editing.

      Ensure that the following fields are correctly configured:

      Table 11.1. Ansible Configuration

      Field                  Value
      Content Source         satellite.lab.example.com
      Lifecycle Environment  Production
      Content View           RHEL9-Content
      OpenSCAP Capsule       satellite.lab.example.com

  3. Import the Ansible role and Ansible variables to Satellite Server.

    1. Navigate to Configure → Ansible Roles and click Import from satellite.lab.example.com.

    2. In the Changed Ansible roles section, select the theforeman.foreman_scap_client role and click Submit.

    3. Navigate to Configure → Ansible Variables. Verify that the variables have been imported.

  4. Import the theforeman.foreman_scap_client Ansible role to the org-hostgroup1 host group.

    1. Navigate to Configure → Host Groups and click org-hostgroup1.

    2. On the Edit org-hostgroup1 page, select the Ansible Roles tab.

    3. Click the plus sign (+) to the right of theforeman.foreman_scap_client role to import the Ansible role. Then click Submit to import the role.

  5. Upload the default OpenSCAP content to the Satellite Server database.

    1. Log in to the satellite machine as the student user. Change to the root user. Use student as the password.

      [student@workstation ~]$ ssh student@satellite
      [student@satellite ~]$ sudo -i
      [sudo] password for student: student
      [root@satellite ~]#

    2. Use the hammer scap-content bulk-upload command to upload the default OpenSCAP content to Satellite Server.

      [root@satellite ~]# hammer scap-content bulk-upload --type default
      Errors:
      
      Uploaded Scap Contents:
      
      Scap Contents uploaded.

    3. Verify that the default OpenSCAP content is uploaded to the Satellite Server database. Use the hammer scap-content list command to list the OpenSCAP content that is present on the Satellite Server database.

      [root@satellite ~]# hammer scap-content list --fields Id,Title
      ---|--------------------------------
      ID | TITLE
      ---|--------------------------------
      1  | Red Hat firefox default content
      2  | Red Hat rhel6 default content
      3  | Red Hat rhel7 default content
      4  | Red Hat rhel8 default content
      ---|--------------------------------

    4. Return to the workstation machine as the student user.

      [root@satellite ~]# logout
      [student@satellite ~]$ logout
      Connection to satellite closed.
      [student@workstation ~]$

  6. View the OpenSCAP content from the Satellite Server web UI.

    Navigate to Hosts → SCAP Contents. The SCAP Contents page lists the default SCAP content.
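
The verification in step 5 can be scripted instead of read by eye. The following is an added example, not part of the original exercise: it parses the bulk-upload and list output shown above (copied inline as sample input) and fails when an expected title is absent or the Errors: section is not empty. The function names, and the assumption that failed uploads appear as lines under the Errors: heading, are illustrative.

```shell
# Added example: checks captured hammer output; it does not call hammer itself.
# Sample input: the bulk-upload and list output shown in step 5 of this exercise.
UPLOAD_OUT='Errors:

Uploaded Scap Contents:

Scap Contents uploaded.'
LIST_OUT='---|--------------------------------
ID | TITLE
---|--------------------------------
1  | Red Hat firefox default content
2  | Red Hat rhel6 default content
3  | Red Hat rhel7 default content
4  | Red Hat rhel8 default content
---|--------------------------------'

# Print any non-blank lines between "Errors:" and "Uploaded Scap Contents:".
# Assumption: failed uploads are reported as lines under the "Errors:" heading.
upload_errors() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*Errors:/ { in_err = 1; next }
    /^[ \t]*Uploaded Scap Contents:/ { in_err = 0 }
    in_err && NF { sub(/^[ \t]+/, ""); print }'
}

# Print the TITLE column of the table, one title per line (data rows only).
scap_titles() {
  printf '%s\n' "$1" | awk -F'|' '
    NF == 2 && $1 ~ /^[ \t]*[0-9]+[ \t]*$/ {
      t = $2; gsub(/^[ \t]+|[ \t]+$/, "", t); print t }'
}

# Return 0 when no upload errors were reported and every expected title is
# listed, 1 when a title is missing, 2 when the upload reported errors.
verify_scap_upload() {
  local upload="$1" list="$2" errs titles want missing=0; shift 2
  errs=$(upload_errors "$upload")
  if [ -n "$errs" ]; then echo "upload errors: $errs" >&2; return 2; fi
  titles=$(scap_titles "$list")
  for want in "$@"; do
    if ! printf '%s\n' "$titles" | grep -Fxq -- "$want"; then
      echo "missing SCAP content: $want" >&2; missing=1
    fi
  done
  return "$missing"
}

verify_scap_upload "$UPLOAD_OUT" "$LIST_OUT" "Red Hat rhel8 default content" && echo "SCAP content check passed"
```

On the satellite machine, the two sample variables can be replaced with the captured output of hammer scap-content bulk-upload --type default and hammer scap-content list --fields Id,Title.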

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish compliance-configuring

Revision: rh415-9.2-a821299