Rootconf 2019

Systems left with unpatched vulnerabilities can have a number of consequences. Security compliance is a state where computer systems are scrutinized against certain defined security policy. OpenSCAP is one such security compliance ecosystem that provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines.

Foreman provides OpenSCAP as a plugin that enables Foreman to receive automated vulnerability assessment and security compliance audits from Foreman hosts. You can upload SCAP compliance contents, create compliance policies out of them and further, these policies can be assigned to various hosts or hostgroups created through foreman.

OpenSCAP reports will help users find vulnerabilities on the hosts and also suggest remediation plan to fix those vulnerabilities. Foreman OpenSCAP plugin is made of 4 components viz., foreman_openscap, smart_proxy_openscap, foreman_scap_client and puppet-foreman_scap_client. These components together establish the Foreman and OpenSCAP integration.

Outline

Learning OpenSCAP:

• Installing OpenSCAP
• Scanning and Analyzing Compliance
• Customizing OpenSCAP Policy
• Remediating OpenSCAP Issues with Ansible

Automate Compliance using Foreman:

• Configuring Foreman to enable OpenSCAP
• Scan OpenSCAP Compliance with Foreman
• Customize OpenSCAP Policy with Foreman

Requirements

Basic knowledge of Linux commands and a will to learn new things are a big plus!

Speaker bio

Rahul is a Software Engineer at Red Hat. He is a Rubyist, open source enthusiast and upstream contributor. He contributes mostly to the Foreman project and is the co-maintainer of the Foreman Discovery plugin. Being a Red Hat Certified Architect, he takes interest in learning about containers, configuration management tools, and security. He loves to travel, code, talk and drink beer!