How to Delete a User on Ubuntu


How do you delete a user from your Ubuntu Linux system? You may need to do so when users leave the company or when their accounts have been dormant for a long time. In this tutorial, I will show you how to delete a user and home directory on Ubuntu 18.04.

But first, we are going to carry out some pre-tasks before deleting the user and home directory. These tasks will include

1) Locking the User account

2) Killing any processes associated with the user

3) Backing up the user’s home directory

4) Removing any cron/print jobs

5) Deleting/removing user accounts

1) Lock the User account

Begin by first locking the user’s account to deny them entry into the system. The syntax for this will be

passwd -l username

For example

passwd -l alice

Output

Locking password for user alice.
passwd: Success

2) Kill all running processes of the User

After successfully locking the account, you need to find all the running processes attached to the user account and ‘kill’ them using their PIDs (process IDs).
Using the ps command, the syntax is

ps -u username

For example

ps -u alice

Output

PID TTY TIME CMD
6561 pts/0 00:00:00 bash
6586 pts/0 00:00:00 ps

Using the top command, the syntax will be

top -U username

For instance

top -U alice

Output

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6561 alice 20 0 21196 5000 3224 S 0.0 0.5 0:00.03 bash
6595 alice 20 0 40540 3748 3148 R 0.0 0.4 0:00.01 top

To end or ‘kill’ all the running processes, use the killall command as shown

killall -9 -u username

In our case, we shall have

killall -9 -u alice

The -9 flag sends the SIGKILL signal. It tells the system to terminate the processes immediately, without giving them a chance to clean up.
The -u flag specifies the username.

3) Backup user data before deleting

This is an optional step, but highly recommended should a need for reviewing a user’s account or files arise.
I decided to use the tar utility to perform the backup. The syntax would be

tar cvjf backup.tar.bz /home/username

In our example, the syntax will be

tar cvjf backup.tar.bz /home/alice

Sample Output

tar: Removing leading `/’ from member names
/home/alice/
/home/alice/.bash_history
/home/alice/.profile
/home/alice/.bashrc
/home/alice/.bash_logout

4) Delete the user’s cron jobs

To delete the cron jobs of a user, run

crontab -r -u alice

To erase printer jobs run

lprm alice

5) Delete/ remove user account and files

We’ve finally reached the last stage of removing or erasing user accounts from the system. The command below will remove both the user account and the home directory.

userdel -r alice

In this case, the user ‘alice’ alongside the home directory will be purged. This is because we have used the -r flag.

To delete the user only and retain the home directory, simply run

userdel alice

In this tutorial, we have briefly outlined the steps you need to take to delete a user and home directory from your system in a step-by-step manner. We hope you have taken note in case next time you are faced with such a scenario.
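
A read-only pre-deletion check, added here as an example and not part of the original tutorial: passwd -l only locks the password, and passwd(1) notes that the user may still log in with another authentication token such as an SSH key, recommending usermod --expiredate 1 to disable the account. The script goes slightly beyond the steps above by checking lock state, account expiry, authorized_keys and the Ubuntu crontab spool before userdel is run. The root prefix argument, the /home/<user> layout and all sample entries are assumptions of this example.

```python
"""Added example: read-only audit that an account is shut out before userdel."""
import tempfile
import time
from pathlib import Path


def shadow_fields(root, user):
    """Return the shadow(5) fields for user, or None if there is no entry."""
    for line in (Path(root) / "etc/shadow").read_text().splitlines():
        fields = line.split(":")
        if fields[0] == user:
            return fields
    return None


def password_state(fields):
    """Classify field 2: passwd -l prepends '!' to the stored hash."""
    if fields is None:
        return "missing"
    if fields[1].startswith(("!", "*")):
        return "locked"
    return "usable" if fields[1] else "empty"


def account_expired(fields, today=None):
    """True when field 8 (expiry, days since 1970-01-01) is today or earlier."""
    today = int(time.time() // 86400) if today is None else today
    return len(fields) > 7 and fields[7].isdigit() and int(fields[7]) <= today


def ssh_key_count(root, user):
    """Count key lines in authorized_keys (assumes the home is /home/<user>)."""
    path = Path(root) / "home" / user / ".ssh" / "authorized_keys"
    if not path.is_file():
        return 0
    lines = (raw.strip() for raw in path.read_text().splitlines())
    return sum(1 for text in lines if text and not text.startswith("#"))


def audit(root, user):
    """Return a list of findings; an empty list means nothing blocks deletion."""
    fields = shadow_fields(root, user)
    if fields is None:
        return [f"{user}: no shadow entry"]
    findings = []
    state = password_state(fields)
    if state != "locked":
        findings.append(f"password is {state}: run passwd -l {user}")
    keys = ssh_key_count(root, user)
    if keys and not account_expired(fields):
        findings.append(f"{keys} SSH key(s) still accepted: account is not expired")
    # Debian and Ubuntu keep per-user crontabs in this spool directory.
    if (Path(root) / "var/spool/cron/crontabs" / user).exists():
        findings.append(f"crontab still installed: run crontab -r -u {user}")
    return findings


def build_fixture():
    """Create a constructed /etc, /home and cron spool tree in a temp directory."""
    root = Path(tempfile.mkdtemp())
    for sub in ("etc", "home/alice/.ssh", "home/bob/.ssh", "var/spool/cron/crontabs"):
        (root / sub).mkdir(parents=True)
    # Constructed entries: alice is locked only, bob is locked and expired,
    # carol still has a usable password.
    (root / "etc/shadow").write_text(
        "alice:!$6$constructed$hash:17800:0:99999:7:::\n"
        "bob:!$6$constructed$hash:17800:0:99999:7::1:\n"
        "carol:$6$constructed$hash:17800:0:99999:7:::\n"
    )
    key = "# constructed key\nssh-ed25519 AAAAconstructed user@host\n"
    (root / "home/alice/.ssh/authorized_keys").write_text(key)
    (root / "home/bob/.ssh/authorized_keys").write_text(key)
    (root / "var/spool/cron/crontabs/alice").write_text("0 2 * * * /home/alice/job.sh\n")
    return root


if __name__ == "__main__":
    fixture = build_fixture()
    for name in ("alice", "bob", "carol", "dave"):
        print(name, audit(fixture, name) or "ready for userdel")
```

On a real host the same functions can be pointed at / as root, since /etc/shadow and the crontab spool are not world-readable.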


Restart Networking Command in Ubuntu


How often do you restart your network services? Sometimes you might need to troubleshoot your network connection in case you have made changes to your network or simply cannot access the internet. In this article, we’ll focus on how you can restart networking service on Ubuntu 18.04 and older versions.

1) Using Graphic User interface

One of the ways you can restart networking on Ubuntu 18.04 is by using the GNOME GUI. Navigate to the top right corner of your screen and click on the network icon as shown to reveal the pull-down menu. You’ll be able to locate and view your network connection type. In this case, I’m using a wired connection. You could be using a wireless connection in your case.


Click on the network interface and click on ‘Turn off’ option to turn off the networking service.


To turn on the networking service, head out to the top right corner and click on the arrow down icon. Be sure to locate your network interface that is turned off as illustrated below.


Click on the interface to expand the options and thereafter, click on ‘Connect’.


This will bring up the interface and resume network services as normal 🙂

2) Using the Command line

For the command line geeks, a couple of options are available to you to achieve the same result. We’ll discuss a few commands that you can use to restart networking service on Ubuntu 18.04.

Netplan

Netplan is a command line tool used for easily configuring networking service on Linux systems. To restart the networking service run the command below

$ sudo netplan apply

Systemctl

Since Ubuntu 18.04 uses the systemd init system, you can also use systemctl as shown

$ sudo systemctl restart NetworkManager.service

Service

In addition, you can also use the service command to achieve the same result as shown.

$ sudo service network-manager restart

Nmcli

nmcli is yet another command line tool that’s easy to use and saves you time when managing network interfaces. To restart networking service, run the following commands in succession.

$ sudo nmcli networking off
$ sudo nmcli networking on

Ifup/ifdown

Finally, we have the ifup/ifdown commands which can be used as follows

$ sudo ifdown -a
$ sudo ifup -a

For older versions of Ubuntu

For older versions of Ubuntu (14.04 LTS and earlier), you can restart networking through the following commands

$ sudo service networking restart

or

$ sudo /etc/init.d/networking restart

Alternatively, you can stop and then start the networking service instead of restarting it.

To stop networking service in older versions of Ubuntu run

$ sudo service networking stop

or

$ sudo /etc/init.d/networking stop

After stopping the service, it’s time now to start the service.


To start networking service run

$ sudo service networking start

or

$ sudo /etc/init.d/networking start

It’s a pretty simple command, but how many times do you end up restarting the network? Feel free to add a comment with your experience and share this article.


Microsoft Calls a Truce in the Linux Patent Wars

Under CEO Satya Nadella, Microsoft has reversed much of its earlier hostility to open source software.

Michelle Groskopf

Microsoft wants to make peace with Linux, saying this week that it will allow more than 2,600 other companies, including longtime rivals like Google and IBM, to use the technology behind 60,000 Microsoft patents for their own Linux-related open source projects.

That could be good news for makers of “Internet of Things” devices. Linux powers everything from connected cars to Amazon Echo hardware, but Microsoft has long claimed that various Linux-related technologies infringe on its patents and has a history of suing the alleged violators. For example, in 2009 it sued GPS navigation device maker TomTom, arguing that the company’s Linux-based products violated a patent related to how operating systems handle file storage.

Microsoft said it will join the Open Invention Network, which was founded in 2005 and describes itself as a “patent nonaggression community.” Members, which range from Linux companies like Red Hat to automakers like Toyota and General Motors, agree not to file patent suits involving Linux projects against one another. Members also get access to patents that OIN itself owns.

Some aspects of the move remain unclear, including just which Microsoft patents are included, particularly patents licensed by Android device makers like Samsung. A spokesperson says Microsoft is licensing all its patents that are relevant to the “Linux System,” which OIN defines as software code released under an open source license and “Distributed with, or for use with, the Linux Kernel.” Microsoft isn’t open sourcing any new code as part of the announcement, and isn’t transferring ownership of any patents to OIN. It also didn’t commit to licensing future patents to OIN.

But by joining the group, Microsoft is essentially giving the Linux community permission to use 60,000 patents free of charge without fear of lawsuits. That could mean that if an OIN member, such as Google, adds functionality patented by Microsoft to the Linux kernel, others can use that open source code—regardless of whether they are members of OIN, without fear of lawsuits from Microsoft.

“We know Microsoft’s decision to join OIN may be viewed as surprising to some,” Microsoft deputy general counsel Erich Andersen wrote in the blog post announcing the decision. “It is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents.”

That’s putting it mildly. As recently as the early 2000s, former Microsoft CEO Steve Ballmer openly disparaged Linux, calling it a cancer only fit for communists. In 2007, Microsoft threatened to sue Linux companies like Red Hat over patent violations. It ultimately backed down, but did file suit against TomTom and other companies.

But as Linux and open source increasingly have become crucial to software development for companies large and small, Microsoft has worked to reform its image and become a good open source citizen. Earlier this decade, it ensured that popular open source software like Hadoop, Git, and Node.js could run on Windows, and supported Linux on its Azure cloud service. More recently, it’s open sourced some offerings, such as the core of the .NET software development platform and key parts of its Edge web browser, released a Linux version of its SQL Server software, and even started using Linux to run parts of Azure.

Even as it worked to repair its reputation with the open source community, though, the company pursued an aggressive course in patent litigation. It pressured smartphone makers like Samsung into patent licensing agreements over their use of Google’s Android, which is based on the Linux kernel. In 2012, Microsoft, Apple, and others started a consortium called Rockstar, which bought more than 4,000 patents from Nortel and sued Google and demanded payments from other smartphone companies for violating those patents.

Two years later, however, Rockstar sold its patents to a company called RPX, which vowed to use them solely to defend the tech industry from litigation. And as Microsoft explores new markets, it will now have assurance that it won’t be sued by other OIN members.

Microsoft’s move is part of a broader shift in the tech industry away from aggressive and potentially costly patent litigation. When Elon Musk announced in 2014 that Tesla wouldn’t sue companies that wanted to use its technology, he downplayed the importance of enforcing patents and pointed to the futility of the long legal battle between Apple and Samsung. “You wonder who’s really benefiting there,” he said during a conference call at the time. “And it seems like neither one. It doesn’t seem like it’s actually serving shareholders.”


Convert Screenshots of Equations into LaTeX Instantly With This Nifty Tool

Last updated October 9, 2018 By Abhishek Prakash 9 Comments

Mathpix is a nifty little tool that allows you to take screenshots of complex mathematical equations and instantly converts them into editable LaTeX text.

LaTeX editors are excellent when it comes to writing academic and scientific documentation.

There is a steep learning curve involved, of course. And this learning curve becomes steeper if you have to write complex mathematical equations.

Mathpix is a nifty little tool that helps you in this regard.

Suppose you are reading a document that has mathematical equations. If you want to use those equations in your LaTeX document, you need to use your ninja LaTeX skills and plenty of time.

But Mathpix solves this problem for you. With Mathpix, you take the screenshot of the mathematical equations, and it will instantly give you the LaTeX code. You can then use this code in your favorite LaTeX editor.

See Mathpix in action in the video below:

Video credit: Reddit User kaitlinmcunningham

Isn’t it super-cool? I guess the hardest part of writing LaTeX documents is those complicated equations. For lazy bums like me, Mathpix is a godsend.

Getting Mathpix

Mathpix is available for Linux, macOS, Windows and iOS. There is no Android app for the moment.

Note: Mathpix is a free to use tool but it’s not open source.

On Linux, Mathpix is available as a Snap package, which means that if you have Snap support enabled on your Linux distribution, you can install Mathpix with this simple command:

sudo snap install mathpix-snipping-tool

Using Mathpix is simple. Once installed, open the tool. You’ll find it in the top panel. You can start taking the screenshot with Mathpix using the keyboard shortcut Ctrl+Alt+M.

It will instantly translate the image of the equation into LaTeX code. The code will be copied to the clipboard and you can then paste it into a LaTeX editor.

Mathpix’s optical character recognition technology is being used by a number of companies like WolframAlpha, Microsoft, Google, etc. to improve their tools’ image recognition capability while dealing with math symbols.

Altogether, it’s an awesome tool for students and academics. It’s free to use and I so wish that it was an open source tool. We cannot get everything in life, can we?

Do you use Mathpix or some other similar tool while dealing with mathematical symbols in LaTeX? What do you think of Mathpix? Share your views with us in the comment section.


About Abhishek Prakash

I am a professional software developer, and founder of It’s FOSS. I am an avid Linux lover and Open Source enthusiast. I use Ubuntu and believe in sharing knowledge. Apart from Linux, I love classic detective mysteries. I’m a huge fan of Agatha Christie’s work.


[Solved] add-apt-repository Command Not Found on Debian & Ubuntu

Last updated October 8, 2018 By Abhishek Prakash 3 Comments

This quick tutorial shows you how to quickly fix the “add-apt-repository command not found” error on Debian, Ubuntu and other Debian-based Linux distributions.

One of the many ways to install software on Ubuntu or Debian is to use PPA (Personal Package Archive).

If you want to add a new PPA repository, you’ll have to use the add-apt-repository command in the following fashion:

sudo add-apt-repository ppa:some/ppa

In Debian, elementary OS and sometimes on Ubuntu, you’ll see the error that add-apt-repository command is missing.

sudo: add-apt-repository: command not found

Let’s see how to fix this annoying error.

Fix add-apt-repository: command not found error

The error is simple. The add-apt-repository command is not installed on your system.

But if you try to use sudo apt-get install add-apt-repository, it won’t work.

It’s because the add-apt-repository command is part of the software-properties-common package, and you need to install this package in order to get add-apt-repository.

So, open a terminal and use this command:

sudo apt-get install software-properties-common

The command output will be something like this:

Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
software-properties-common
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 9,912 B of archives.
After this operation, 197 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 software-properties-common all 0.96.24.32.5 [9,912 B]
Fetched 9,912 B in 2s (5,685 B/s)
Selecting previously unselected package software-properties-common.
(Reading database … 265950 files and directories currently installed.)
Preparing to unpack …/software-properties-common_0.96.24.32.5_all.deb …
Unpacking software-properties-common (0.96.24.32.5) …
Processing triggers for man-db (2.8.3-2) …
Processing triggers for dbus (1.12.2-1ubuntu1) …
Setting up software-properties-common (0.96.24.32.5) …

Once you have installed software-properties-common, you can now comfortably use add-apt-repository or apt-add-repository commands to add PPA.

Note: If you see an error saying software-properties-common command not found, you should run sudo apt-get update and then try to install it again.

I hope this quick tip helped you in fixing “add-apt-repository: command not found” error on Ubuntu and other Debian-based Linux distributions.

If you are still facing issues with PPA, let me know in the comment section. Additional suggestions, questions and a quick word of thanks are always welcome.



Download IPFire 2.21 Core 124

IPFire is an open source operating system that has been designed from the ground up to act as a dedicated, secure and flexible firewall system based on some of the best Linux technologies, such as iptables, OpenSSL and OpenSSH.

Distributed as a 32-bit ISO image

This tiny OS can be downloaded via Softpedia or from its official website (see link above) as a single, installable only CD ISO image of approximately 150MB in size, tagged only for the 32-bit (i586) instruction set architecture. While the distro will boot and install on 64-bit hardware platforms, it will only accept 32-bit applications.

Boot options

The beautifully designed and well organized boot menu will allow you to directly and permanently install the distribution on a local drive. In addition, you’ll be able to install the OS in text mode, perform an unattended installation, run a memory diagnostic test with the Memtest86+ utility, as well as to view detailed hardware information with the Hardware Detection Tool (HDT).

Very easy-to-use text-mode installation program

The entire installation process is text-based and will require the user to only select a language (supported languages include English, Turkish, Polish, Russian, Dutch, Spanish, French and German), accept the license, and partition the disk (supported filesystems include EXT2, EXT3, EXT4 and ReiserFS).

After installation, you must select a keyboard layout and timezone, enter the machine’s hostname and domain name, enter a password for the root (system administrator) and admin accounts, and configure the network (includes DNS, Gateway, IP Address, Drivers and Network Card settings).

Bottom line

Summing up, IPFire is one of the world’s best open source firewall distributions of Linux, engineered to deliver state-of-the-art firewall, VPN gateway and proxy server components. Its design is modular and flexible, which means that its functionality can be extended through plugins.


Download Linux Kernel 4.14.76 LTS / 4.9.133 LTS / 4.4.161 LTS / 3.18.124 EOL

Linux kernel is the essential part of any Linux operating system. It is responsible for resource allocation, low-level hardware interfaces, security, simple communications, basic file system management, and more. Written from scratch by Linus Torvalds (with help from various developers), Linux is a clone of the UNIX operating system. It is geared towards POSIX and Single UNIX Specification compliances.

Features at a glance

Linux comes with powerful features, such as true multitasking, multistack networking, shared copy-on-write executables, shared libraries, demand loading, virtual memory, and proper memory management. Initially designed only for 386/486-based computers, now Linux supports a wide range of architectures, including 64-bit (IA64, AMD64), ARM, ARM64, DEC Alpha, MIPS, SUN Sparc, PowerPC, as well as Amiga and Atari machines.

The most essential component of a GNU/Linux operating system

The most essential component of a Linux-based operating system is the Linux kernel. Without it, the entire system (libraries, applications, etc.) is useless. When creating a Linux distribution, it is also very important to know how to correctly optimize the Linux kernel package, in order to make it support certain hardware components or recognize a specific device.

Distributed in multiple stable branches

One should not be confused by the many stable branches of the Linux kernel, as they are available for different purposes. For example, there are several LTS (Long Term Support) branches that can be used to deploy very stable Linux operating systems. These days, major Linux distribution developers provide users with optimized kernel packages for different purposes. However, advanced users can configure, compile and install their own kernels directly from the source packages at any point (all you need is a supported GCC compiler).

The heart of a Linux distribution

The Linux kernel is the heart of a Linux distribution. If you are a long time Linux user, you may have stumbled across upgrades to the default Linux kernel packages, which lead to better support for certain hardware components or peripherals.


SAP HANA is now supported on SUSE Linux Enterprise Server for SAP Applications 15

 


The following SUSE Linux Enterprise releases are now supported for SAP HANA:

  • HANA 2.0 on Intel-based Hardware Platforms
    • SUSE Linux Enterprise Server for SAP Applications 15 GA
    • SUSE Linux Enterprise Server 15 GA
    • SUSE Linux Enterprise Server for SAP Applications 12 SP3 / SP2 / SP1
    • SUSE Linux Enterprise Server 12 SP3 / SP2 / SP1
  • HANA 2.0 on IBM Power Servers
    • SUSE Linux Enterprise Server for SAP Applications 15 GA
    • SUSE Linux Enterprise Server 15 GA
    • SUSE Linux Enterprise Server for SAP Applications 12 SP3 / SP2 / SP1
    • SUSE Linux Enterprise Server 12 SP3 / SP2 / SP1
  • HANA 1.0 on Intel-based Hardware Platforms:
    • SUSE Linux Enterprise Server for SAP Applications 15 GA
    • SUSE Linux Enterprise Server 15 GA
    • SUSE Linux Enterprise Server for SAP Applications 12 SP3 / SP2 / SP1 / GA
    • SUSE Linux Enterprise Server 12 SP3 / SP2 / SP1 / GA
    • SUSE Linux Enterprise Server for SAP Applications 11 SP4 / SP3 / SP2
    • SUSE Linux Enterprise Server 11 SP4/ SP3 / SP2
  • HANA 1.0 on IBM Power Servers
    • SUSE Linux Enterprise Server for SAP Applications 11 SP4
    • SUSE Linux Enterprise Server 11 SP4

Full details are available in SAP Note 2235581: SAP HANA Supported Operating Systems (SAP access required): https://launchpad.support.sap.com/#/notes/2235581


What to Expect from the Move to Linux


    Ease Your Migration with Tools and Training

    SAP HANA runs exclusively on Linux, which means that a moment of change is coming for many SAP customers that have not yet adopted SAP HANA. Companies using other platforms, like Microsoft Windows, will need to migrate to Linux — and this is not an insignificant segment of the install base: As many as 68.2% of SAP customers still run on operating systems other than Linux, according to this IDC study. Companies know the strategic importance and business benefits of SAP HANA but have been slow to begin this migration to adopt the in-memory database.

    We’ve heard several common questions and concerns from SAP customers about their migration to Linux, such as whether a Linux migration will disrupt system operations, or whether they will be as comfortable managing the new system as they were with legacy platforms. In this article, we’ll explore how, with the proper technology and management, you can mitigate such concerns and undertake a smooth transition.

    A Successful Migration
    Technology migrations often disrupt existing business operations, resulting in downtime, data loss, or extra costs. The way to avoid these types of issues is with the appropriate knowledge transfer and tools. SUSE offers SUSE Linux Enterprise Server for SAP Applications, a Linux-based operating system designed for SAP customers that includes a number of features and functionalities intended to help companies migrate smoothly. To ensure stable SAP operations, the platform includes technology for high availability and disaster recovery. SUSE Linux Enterprise Server for SAP Applications, for example, includes features that enable SAP HANA users to reduce downtime by clustering physical and virtual servers.

    This clustering capability eliminates single points of failure and lets users implement automated failover. Additionally, SUSE Linux Enterprise Live Patching facilitates interruption-free SAP HANA operations by allowing companies to install patches on the Linux kernel without having to restart servers or slow down applications. This feature also boosts security and compliance, as the systems are always up to date with the latest security patches. A successful migration is not solely about the tools that are used, however; it’s also about the skills of the people who implement those tools. SUSE offers special training to prepare SAP system administrators for the operation of SUSE Linux Enterprise Server for SAP Applications to ease their transition from familiar legacy platforms.

    Simplified Deployment and Management
    But what about deploying and managing the new Linux platform? Will organizing these tasks be more complicated than on a familiar operating system? SUSE provides a number of management tools to make the deployment and management of the new platform easier. The standard Installation Wizard is a graphical configuration tool that SAP system administrators can use to walk through an automated workflow to install Linux and the desired SAP applications and SAP HANA in just a few steps. Additionally, administrators can maintain the availability of their infrastructure with SUSE Manager. Automating Linux server management and monitoring reduces administrative effort, increases productivity, and ensures less downtime. With SUSE Manager, companies can automate their patch and update management, ensuring compliance with guidelines.

    Migrating with Confidence
    SAP customers and partners alike are working with SUSE on their Linux migrations. “SUSE is a piece of the puzzle for us delivering guaranteed performance for customers who are running production SAP workloads,” says Christian Teeft, Chief Technology Officer and Senior Vice President of Cloud Services at Symmetry, an enterprise cloud services provider that uses SUSE Linux Enterprise Server for SAP Applications as the operating system for its proprietary SAP HANA cloud solution. Ibrahim Mahmoud, IT Director at Saudi Company for Hardware, adds “Thanks to SUSE Linux Enterprise Server for SAP Applications, we’re getting the proper IT quality and support that our business needs to run smoothly — now and as we expand in the future.”

    For more information about SUSE Linux Enterprise Server for SAP Applications, visit www.suse.com/products/sles-for-sap.

    Originally featured on SAP Insider in September 2018


      Automating Security Compliance with Ease – Red Hat Enterprise Linux Blog

      Organizations today are seeking to increase productivity, flexibility and innovation to deliver services faster without sacrificing security, stability and performance. As hybrid IT environments continue to expand and evolve, security must be automated to scale and mitigate risks to achieve compliance and meet the needs of the business.

      Why should security and compliance be automated? According to the 2017 Verizon Data Breach Report, “81% of hacking-related breaches leveraged either stolen and/or weak passwords”. Breaches that rely on stolen and/or weak passwords are preventable by defining and implementing strong password policies using automation. According to Gartner, “99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident”. Automation can help enforce and ensure security and compliance and help protect against security vulnerabilities and security breaches.

      Red Hat Enterprise Linux provides security technologies, certifications, and the ongoing support of the Product Security team to combat vulnerabilities, protect your data, and meet regulatory compliance. You can automate regulatory compliance and security configuration remediation across your systems and within containers with OpenSCAP, Red Hat’s National Institute of Standards and Technology (NIST)-certified scanner that checks and remediates against vulnerabilities and configuration security baselines, including against National Checklist content for PCI-DSS, DISA STIG, and more. Additionally, centralize and scale out configuration remediation across your entire hybrid environment with the broader Red Hat management portfolio.

      OpenSCAP is a family of open source SCAP tools and content that help users create standard security checklists for enterprise systems. Natively shipping in Red Hat Enterprise Linux and Red Hat Satellite, OpenSCAP provides practical security hardening advice for Red Hat technologies and links to compliance requirements, making deployment activities like certifications and accreditations easier. OpenSCAP allows you to perform both vulnerability and security compliance checks in a fully automated way.

      To better meet the varied security needs of hybrid computing, Red Hat Enterprise Linux 7.5 provides enhanced software security automation to mitigate risk through the integration of OpenSCAP with Red Hat Ansible Automation. This enables the creation of Ansible playbooks directly from OpenSCAP scans which can then be used to implement remediations more rapidly and consistently across a hybrid IT environment. The remediations are generated in the form of Ansible playbooks, either based on profiles or based on scan results.

      A playbook based on a SCAP Security Guide (SSG) profile contains fixes for all rules, and the system is remediated according to the profile regardless of the state of the machine. On the other hand, playbooks based on scan results contain only fixes for rules that failed during an evaluation.

      In Red Hat Enterprise Linux 7.5, Red Hat provides pre-built Ansible playbooks for many compliance profiles. The playbooks are stored in the /usr/share/scap-security-guide/ansible/ directory. You can apply the pre-generated Ansible playbooks provided by the scap-security-guide in this directory on your host.

      Alternatively, to generate an Ansible playbook based on a profile (for example, the DISA STIG profile for Red Hat Enterprise Linux 7), enter the following command:

      $ oscap xccdf generate fix --fix-type ansible \
      --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa \
      --output stig-rhel7-role.yml \
      /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

      To generate an Ansible playbook based on the results of a scan, enter the following command:

      $ oscap xccdf generate fix --fix-type ansible \
      --result-id "" \
      --output stig-playbook-result.yml \
      results.xml

      where the results.xml file contains the results of the scan obtained when scanning with the --results option, and the --result-id option contains the ID of the TestResult component in the results file. In the example above, we are using an empty result ID. This is a trick to avoid specifying the full result ID.

      To apply the Ansible playbook, enter the following command:

      $ ansible-playbook -i inventory.ini stig-playbook-result.yml

      Note that the ansible-playbook command is provided by the ansible package. See the ansible-playbook(1) man page and the Ansible Tower User Guide for more information.
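
To review what a generated playbook can change before applying it, the following added example (not from the original post) reads an XCCDF results file and lists the rules in scope for a profile-based playbook versus a result-based one, as described above. The sample results, the rule IDs and the requirement that an empty result ID match exactly one TestResult are assumptions of this example, not oscap behaviour.

```python
"""Added example: preview which rules each kind of generated playbook covers."""
import xml.etree.ElementTree as ET

XCCDF = "http://checklists.nist.gov/xccdf/1.2"
NS = {"x": XCCDF}

# Constructed sample, shaped like the file written by a scan run with --results.
SAMPLE_RESULTS = """\
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <TestResult id="xccdf_example_testresult_demo">
    <rule-result idref="xccdf_example_rule_sshd_disable_root_login">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_service_auditd_enabled">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_accounts_password_minlen">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_partition_for_tmp">
      <result>notselected</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""


def select_test_result(root, result_id=""):
    """Pick the TestResult by ID; an empty ID must be unambiguous (our rule)."""
    candidates = list(root.iter(f"{{{XCCDF}}}TestResult"))
    if result_id:
        candidates = [c for c in candidates if c.get("id") == result_id]
    if len(candidates) != 1:
        raise ValueError(f"expected one TestResult, found {len(candidates)}")
    return candidates[0]


def rules_by_result(test_result):
    """Group rule IDs by their recorded result (pass, fail, notselected, ...)."""
    grouped = {}
    for rule in test_result.findall("x:rule-result", NS):
        outcome = rule.findtext("x:result", default="unknown", namespaces=NS)
        grouped.setdefault(outcome.strip(), []).append(rule.get("idref"))
    return grouped


def remediation_scope(xml_text, result_id=""):
    """Return the rule sets the two playbook kinds would draw their fixes from.

    This is an upper bound: a rule without an Ansible fix in the content
    contributes nothing to the generated playbook.
    """
    test_result = select_test_result(ET.fromstring(xml_text), result_id)
    grouped = rules_by_result(test_result)
    selected = [
        rule_id
        for outcome, ids in grouped.items()
        if outcome != "notselected"
        for rule_id in ids
    ]
    return {
        "test_result": test_result.get("id"),
        "profile_based": sorted(selected),              # every rule in the profile
        "result_based": sorted(grouped.get("fail", [])),  # only failed rules
    }


if __name__ == "__main__":
    scope = remediation_scope(SAMPLE_RESULTS)
    print("TestResult:", scope["test_result"])
    for kind in ("profile_based", "result_based"):
        print(f"{kind}: {len(scope[kind])} rule(s)")
        for rule_id in scope[kind]:
            print("  ", rule_id)
```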

      The atomic scan command enables users to use OpenSCAP scanning capabilities to scan docker-formatted container images and containers on the system. It is possible to scan for known CVE vulnerabilities or for configuration compliance. Additionally, users can remediate docker-formatted container images to the specified policy.

      The OpenSCAP scanner and SCAP content are provided in a container image that allows for easier updating and deployment of the scanning tools. The `atomic scan` command enables the evaluation of Red Hat Enterprise Linux based container images and running containers against any provided SCAP profile.

      For example, here is how to scan the container for configuration compliance to the RHEL 7 DISA STIG profile.

      $ sudo atomic scan --scan_type configuration_compliance \
      --scanner_args profile=stig-rhel7-disa,report registry.access.redhat.com/rhel7:latest

      To remediate docker-formatted container images to the specified policy, you need to add the --remediate option to the atomic scan command when scanning for configuration compliance. The following command builds a new remediated container image compliant with the DISA STIG policy from the Red Hat Enterprise Linux 7 container image:

      $ sudo atomic scan --remediate --scan_type configuration_compliance \
      --scanner_args profile=xccdf_org.ssgproject.content_profile_stig-rhel7-disa,report \
      registry.access.redhat.com/rhel7:latest

      Finally, in order to automate security and compliance at scale for hybrid environments, you will need an automation strategy that includes products and tools that will help you scan and remediate more than a single machine at a time. For example, you can use OpenSCAP in combination with Red Hat’s Management Portfolio, which includes Red Hat CloudForms, Red Hat Ansible Automation, Red Hat Satellite, and Red Hat Insights. Using OpenSCAP with these Red Hat Management portfolio products, you can automate security and compliance at scale for your hybrid environment.

      The built-in security automation capabilities of Red Hat Enterprise Linux, together with the integration of OpenSCAP with Red Hat Ansible Automation, give you the flexibility and ease of automating security compliance. This integration also provides the secure foundation to do security automation at scale by extending these built-in capabilities with Red Hat’s management portfolio.

      Learn more in this webcast: Automating Security Compliance with Ease.
