Compliance as code

This document provides insight on running compliance as code remediation using an Ansible Playbook.

For more infomation about running compliance as code remediation using a bash script, see Remediation.

1. Install the SCAP security guide package

For executing remediations you need to install the SCAP security guide package on the Ansible control node.

Procedure: Installing the SCAP security guide package

  1. From Systems  Overview, select the client. Then click Software  Packages  Install.

  2. Search for scap-security-guide and install the package suitable for your system. See the following table for package distribution requirements:

    Table 1. SCAP security guide package requirements
    Package name Supported Systems

    scap-security-guide

    openSUSE, SLES12, SLES15

    scap-security-guide-redhat

    CentOS 7, CentOS 8, Fedora, Oracle Linux 7, Oracle Linux 8, RHEL7, RHEL8, RHEL9, Red Hat OpenStack Platform 10, Red Hat OpenStack Platform 13, Red Hat Virtualization 4, Scientific Linux

    scap-security-guide-debian

    Debian 9, Debian 10

    scap-security-guide-ubuntu

    Ubuntu 16.04. Ubuntu 18.04, Ubuntu 20.04

2. Run remediation using an Ansible playbook

An Ansible control node is required. For more information, see Setup Ansible control node.

The following procedure will guide you through running remediation using an Ansible Playbook.

Procedure: Run remediation using an Ansible playbook

  1. From the control node system menu select Ansible  Playbooks. Expand the folder tab, then select a playbook.

  2. Click the playbook.

  3. To run the playbook, select the OS Inventory Path for the client, for example:

    /etc/ansible/sles15

  4. Click Schedule.

  5. Check the status of the scheduled event under the Events tab.