| ### Docs: | |
| https://github.com/RedHatDemos/SecurityDemos/blob/master/2019Labs/RHELSecurityLab/documentation/lab1_OpenSCAP.adoc | |
| ### Generate the report first: | |
| sudo oscap xccdf eval --oval-results --profile cis --results-arf /tmp/arf.xml --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml | |
| ### Now create the playbook based on the report: | |
| oscap xccdf generate fix --fix-type ansible --result-id "" /tmp/arf.xml > playbook.yml | |
| ### Run the playbook against your server to force CIS compliance: |
| ### Install the required packages: | |
| sudo yum install openscap-scanner scap-security-guide | |
| ### Can we run a report? | |
| sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_ospp --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml | |
| first scan gives “notapplicable” | |
| ### Now do this… | |
| sudo cp /usr/share/openscap/cpe/openscap-cpe-dict.xml /usr/share/openscap/cpe/openscap-cpe-dict.xml.dist |
| --- | |
| # This playbook will check a wide range of code paths of the Ansible lvol module. | |
| # | |
| # Make sure you adjust `test_vg` and `test_pvs` variables according to the test volume group. | |
| # | |
| # Invoke with: ansible-playbook [-K][-v] check-lvol.yml | |
| # | |
| - hosts: localhost | |
| become: True |
Two common cases which make the install of Python packages harder due to networking issues are: a) Install behind a Proxy b) Install without access to the internet
In the case where the target machine connects to the internet over a network proxy, export the following environment vars, as appropriate - http_proxy and https_proxy. Eg: