From 8c2174cd626442fa1db84f94d53a4b98d1c8dfd9 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 8 Oct 2025 11:50:35 +0200 Subject: [PATCH 1/2] Improved the appearance of entries in the Web UI. --- CHANGELOG.md | 2 ++ modules/administration/pages/openscap.adoc | 12 +++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ede0166273..22f100fd97d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,5 @@ +- Improved the appearance of Web UI instructions in Administration + Guide (bsc#1250451) - Added new workflow for liberating RHEL server in Common Workflows Guides (bsc#1250423) - Fixed the broken link in Specialized Guides (bsc#1249073) diff --git a/modules/administration/pages/openscap.adoc b/modules/administration/pages/openscap.adoc index b623d77cd67..6ce5b878c19 100644 --- a/modules/administration/pages/openscap.adoc +++ b/modules/administration/pages/openscap.adoc @@ -185,11 +185,13 @@ You can also use the {productname} API to schedule regular scans. . In the [guimenu]``Path to XCCDF Document`` field, enter the parameters for the SCAP template and profile you want to use on the client. For example: + ----- - Command: /usr/bin/oscap xccdf eval - Command-line arguments: --profile xccdf_org.ssgproject.content_profile_stig - Path to XCCDF document: /usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml ----- + + * [literal]``Command``: /usr/bin/oscap xccdf eval + + * [literal]``Command-line arguments``: --profile xccdf_org.ssgproject.content_profile_stig + + * [literal]``Path to XCCDF document``: /usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml + + [NOTE] ==== From 888812f6fc1623d76e7bf3f733555b16f5797745 Mon Sep 17 00:00:00 2001 From: Ornela Maric Date: Wed, 8 Oct 2025 14:28:07 +0200 Subject: [PATCH 2/2] Formatting tidy-ups. --- modules/administration/pages/openscap.adoc | 38 +++++++++++++++++----- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/modules/administration/pages/openscap.adoc b/modules/administration/pages/openscap.adoc index 6ce5b878c19..4891e5ae5e5 100644 --- a/modules/administration/pages/openscap.adoc +++ b/modules/administration/pages/openscap.adoc @@ -33,7 +33,7 @@ For more information about the {suse} Security Team, see https://www.suse.com/s -== Prepare Clients for an SCAP Scan +== Prepare clients for an SCAP scan Before you begin, you need to prepare your client systems for SCAP scanning. @@ -90,7 +90,7 @@ For Non-{suse} operating systems the included profiles are community supplied. They are not officially supported by {suse}. ==== -== OpenSCAP Content Files +== OpenSCAP content files OpenSCAP uses SCAP content files to define test rules. These content files are created based on the XCCDF or OVAL standards. @@ -173,26 +173,33 @@ Take a note of the file paths and profiles for performing the scan. -== Perform an Audit Scan +== Perform an audit scan When you have installed or transferred your content files, you can perform audit scans. Audit scans can be triggered using the {productname} {webui}. You can also use the {productname} API to schedule regular scans. -.Procedure: Running an Audit Scan from the {webui} +.Procedure: Running an audit scan from the {webui} +[role=procedure] +_____ + . In the {productname} {webui}, navigate to menu:Systems[Systems List] and select the client you want to scan. + . Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab. + . In the [guimenu]``Path to XCCDF Document`` field, enter the parameters for the SCAP template and profile you want to use on the client. For example: + + * [literal]``Command``: /usr/bin/oscap xccdf eval - + * [literal]``Command-line arguments``: --profile xccdf_org.ssgproject.content_profile_stig - + * [literal]``Path to XCCDF document``: /usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml + + [NOTE] ==== If you use [literal]``--fetch-remote-resources`` parameter a lot of RAM is required. @@ -201,6 +208,7 @@ In addition, you may need to increase the value of [literal]``file_recv_max_size . The scan runs at the client's next scheduled synchronization. +_____ [IMPORTANT] ==== @@ -209,11 +217,17 @@ If the content file includes invalid arguments, the test fails. ==== -.Procedure: Running an Audit Scan from the API +.Procedure: Running an audit scan from the API +[role=procedure] +_____ + . Before you begin, ensure that the client to be scanned has Python and XML-RPC libraries installed. + . Choose an existing script or create a script for scheduling a system scan through ``system.scap.scheduleXccdfScan``. For example: + + + ---- #!/usr/bin/python3 import xmlrpc.client @@ -224,18 +238,25 @@ client.system.scap.scheduleXccdfScan(key, <1000010001>, '--profile ') client.auth.logout(session_key) ---- + + + In this example: + * ``<1000010001>`` is the system ID (sid). + * ```` is the path to the content file location on the client. For example, [path]``/usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml``. + * ```` is an additional argument for the [command]``oscap`` command. For example, use ``united_states_government_configuration_baseline`` (USGCB). + . Run the script on the client you want to scan, from the command prompt. +_____ -== Scan Results +== Scan results Information about the scans you have run is in the {productname} {webui}. @@ -296,6 +317,7 @@ For more information, see xref:administration:ansible-setup-control-node.adoc[]. Packages, channels and scripts are different for each operating system and distribution. Examples are listed in the <> section. + ==== Run the Bash script on single systems as a remote command Run the Bash script as a remote command on single systems.