Auditing and querying issues identified during scans

In some cases, a CIS or DISA STIG compliance scan might identify an issue that you want to investigate and fix. To get started, you can run an audit or query.

CEM for Linux supports Puppet Bolt tasks that you can use to run an audit or query. For more information, go to Puppet Forge and review the Tasks list.

Tip: Some tasks have associated parameters. In the Tasks list, you can click the green downward arrow to display any associated parameters.

You can run tasks individually by following the instructions in Running tasks.

You can run all audit tasks simultaneously by using a Bolt plan, run_audit. To run the Bolt plan, use a command with the following structure:

bolt plan run cem_linux::run_audit –targets <IP_address_of_target_node> 
--tasks_dir <relative_path_of_cem_tasks_directory> --user <user_name> 
--password <user_password>

On this command, the following parameters are optional:


Optional parameter	Details
`tasks_dir`	Specify this parameter only if your tasks are not in the default directory: `./tasks`
`user`	Specify this parameter only if you are running the command on a remote node, and you require a username and password to access the node.
`password`	Specify this parameter only if you require a password to access a remote node.

To run all audit tasks simultaneously from your local computer, issue the following command:

bolt plan run cem_linux::run_audit --targets localhost

To run all audit tasks simultaneously on a remote node, issue a command similar to one of the following examples:

If the IP address of the remote node is 34.83.231.128, your username is expert23, and your password is RainInSpain1!, issue the following command:
```
bolt plan run cem_linux::run_audit --targets 34.83.231.128 
--user expert23 --password RainInSpain1!
```
However, if a username and password are not required to access the remote node, you would issue the following command:
```
bolt plan run cem_linux::run_audit --targets 34.83.231.128
```
If your tasks are not in the default directory (./tasks) but are in the /cem/tasks directory, you would issue the following command:
```
bolt plan run cem_linux::run_audit --targets 34.83.231.128 
--tasks_dir /cem/tasks
```

You can also specify multiple target nodes. For instructions, see TargetSpec.

After you run the plan, review the output in the Bolt log file on the computer where you ran the command. The following sample output is for an individual task, audit_check_ipv6, that was run as part of a Bolt plan. In this case, the audit was successful:

Task -> 
  Task_name: audit_check_ipv6, 
  Task_details: Audit IPV6 for RHEL8 
Task: audit_check_ipv6 
Starting: task cem_linux::audit_check_ipv6 on 34.83.231.128 
Finished: task cem_linux::audit_check_ipv6 with 0 failures in 6.27 sec 

 Task Result: [{"target":"34.83.231.128","action":"task",
"object":"cem_linux::audit_check_ipv6","status":"success",
"value":{"_output":"\nIPv6 is enabled on the system\n\n"}}]

For more information about running Bolt plans, see Orchestrating workflows with plans.