Hello guys,
Recently I was working on a project for compliance management and I was looking for an open source tool which could help me identify the state of my server against the compliance policy. So after some quick searching I came across OpenSCAP, which is an open source compliance management tool and solved my problem, so I wrote a simple playbook which helps me identify the issues and also helps me fix them.
Here is the playbook which I wrote:
---
- name: Check for known CVEs
  hosts: all
  tasks:
    - name: Install OpenSCAP scanner and SCAP Security Guide content (if not already installed)
      ansible.builtin.package:
        name:
          - openscap-scanner
          - scap-security-guide   # ships /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
        state: present
    - name: Run OpenSCAP scan
      ansible.builtin.command: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
      register: cve_scan
      # oscap exits 2 when at least one rule fails; only rc 1 is an actual error
      failed_when: cve_scan.rc == 1
      changed_when: false
    - name: Save CVE report to file
      ansible.builtin.copy:
        # stdout is multi-line, so each host gets its own file instead of overwriting one shared CSV
        content: "{{ inventory_hostname }},{{ cve_scan.stdout }}"
        dest: "/var/ansible/cve_results_{{ inventory_hostname }}.csv"
      delegate_to: localhost
Let me know your thoughts on this.
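Parsing the raw oscap stdout into a CSV is fragile; the scanner can also write an XCCDF results document (`oscap xccdf eval --results <file>`), which is easier to process. The parser below is an added example, not part of the original post: it reads the `rule-result` elements of such a results file and emits one CSV line per failed rule. The sample XML and the rule ids in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XCCDF 1.2 namespace used by the SSG datastreams that oscap evaluates.
XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}

# Constructed sample of a results file written by `oscap xccdf eval --results`;
# the rule ids and outcomes are made up for illustration, not from a real scan.
SAMPLE_RESULTS = """<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.ssgproject.content_benchmark_RHEL-8">
  <TestResult id="xccdf_org.open-scap_testresult_example" end-time="2024-01-01T00:00:00">
    <profile idref="xccdf_org.ssgproject.content_profile_cis"/>
    <target>host1.example</target>
    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" severity="medium">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_package_aide_installed" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_login_events" severity="high">
      <result>notapplicable</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

def parse_rule_results(xml_text):
    """Return a list of (rule_id, severity, result) tuples from an XCCDF results document."""
    root = ET.fromstring(xml_text)
    rows = []
    for rr in root.iterfind(".//x:TestResult/x:rule-result", XCCDF_NS):
        result = rr.findtext("x:result", default="unknown", namespaces=XCCDF_NS)
        rows.append((rr.get("idref"), rr.get("severity", "unknown"), result))
    return rows

def failed_rules(rows):
    """Keep only rules whose outcome is 'fail' (what the playbook author wants to fix)."""
    return [r for r in rows if r[2] == "fail"]

def to_csv_lines(host, rows):
    """One CSV line per rule, so results from many hosts can be appended cleanly."""
    return [f"{host},{rule},{sev},{res}" for rule, sev, res in rows]

if __name__ == "__main__":
    rows = parse_rule_results(SAMPLE_RESULTS)
    for line in to_csv_lines("host1.example", failed_rules(rows)):
        print(line)
```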
