mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 09:46:53 +01:00
35 lines
1.4 KiB
Plaintext
35 lines
1.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
|
|
|
|
[id="compliance-rescan_{context}"]
|
|
= Performing a rescan
|
|
Typically you will want to re-run a scan on a defined schedule, like every Monday or daily. It can also be useful to re-run a scan once after fixing a problem on a node. To perform a single scan, annotate the scan with the `compliance.openshift.io/rescan=` option:
|
|
|
|
[source,terminal]
|
|
----
|
|
$ oc -n openshift-compliance \
|
|
annotate compliancescans/rhcos4-e8-worker compliance.openshift.io/rescan=
|
|
----
|
|
|
|
A rescan generates four additional `mc` for `rhcos-moderate` profile:
|
|
|
|
[source,terminal]
|
|
----
|
|
$ oc get mc
|
|
----
|
|
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
75-worker-scan-chronyd-or-ntpd-specify-remote-server
|
|
75-worker-scan-configure-usbguard-auditbackend
|
|
75-worker-scan-service-usbguard-enabled
|
|
75-worker-scan-usbguard-allow-hid-and-hub
|
|
----
|
|
|
|
[IMPORTANT]
|
|
====
|
|
When the scan setting `default-auto-apply` label is applied, remediations are applied automatically and outdated remediations automatically update. If there are remediations that were not applied due to dependencies, or remediations that had been outdated, rescanning applies the remediations and might trigger a reboot. Only remediations that use `MachineConfig` objects trigger reboots. If there are no updates or dependencies to be applied, no reboot occurs.
|
|
====
|