diff --git a/openscap/README.adoc b/openscap/README.adoc index 60a62d5d9..57ed0710d 100644 --- a/openscap/README.adoc +++ b/openscap/README.adoc @@ -44,6 +44,37 @@ The technique will take care of the openSCAP agent installation and will by defa /var/rudder/shared-files/root/files//openscap_report.html ---- +=== Usage on Ubuntu/Debian + +OpenSCAP packages in Debian and Ubuntu repositories are very out of date, and it is necessary +to get up to date profiles from OpenSCAP sources. + +Example for Ubuntu 18.04 LTS: + +---- +# install openscap tools +sudo apt-get install libopenscap8 python-openscap +sudo apt install ssg-base ssg-debderived ssg-debian ssg-nondebian ssg-applications +# install build dependencies for profiles +apt-get install cmake make expat libopenscap8 libxml2-utils ninja-build python3-jinja2 python3-yaml xsltproc +git clone https://github.com/ComplianceAsCode/content.git +cd content +# build up to date profiles +./build_product ubuntu18.04 +# install the profiles to the system +sudo cp build/*.xml /usr/share/openscap/ +---- + +Then you can use the following parameters: + +* profile: `xccdf_org.ssgproject.content_profile_standard` +* scap_file: `/usr/share/openscap/ssg-ubuntu1804-ds-1.2.xml` + +The reports are done every night, to trigger an immediate report add `-D schedule_simple_openscap_repaired` to your agent command like: + +---- +rudder agent run -D schedule_simple_openscap_repaired -ui +---- == Rudder Webapp integration diff --git a/openscap/README.asciidoc b/openscap/README.asciidoc deleted file mode 100644 index 91421f8c3..000000000 --- a/openscap/README.asciidoc +++ /dev/null @@ -1,16 +0,0 @@ -# Rudder plugin: OpenSCAP Policies - -This project is part of Rudder - IT infrastructure Automation and Compliance. -See: http://rudder.io for more information. - -See repository main README for information about licensing, contribution, and -other general information. - - -// Everything after this line goes into Rudder documentation -// ====doc==== -[OpenSCAP Policies-plugin] -= OpenSCAP Policies - -OpenSCAP audits managed by Rudder - diff --git a/qa-test b/qa-test index 4aa472839..886284e70 100755 --- a/qa-test +++ b/qa-test @@ -35,7 +35,7 @@ test_python_error() if type pylint3 >/dev/null; then PYLINT="pylint3" fi - find . -name '*.py' | xargs ${PYLINT} -E --persistent=n --disable=C,R,import-error,no-member,no-name-in-module + find . ! -name ipaddress.py -name '*.py' | xargs ${PYLINT} -E --persistent=n --disable=C,R,import-error,no-member,no-name-in-module } test_typos()