Installing content libraries

For the installation of BMC Server Automation Compliance Content libraries on the BMC Server Automation Application Server, you can choose between a direct installation procedure using an interactive installation wizard or a silent (unattended) installation procedure.

During installation, the installer performs the following actions:

• Imports groups of out-of-the-box component templates that contain compliance rules for regulatory standards and best-practice policies (HIPAA, PCI, SOX, DISA, PCIv2, and CIS).
• Imports corresponding groups of remediation BLPackages into the Depot, for use in remediating compliance failures against SOX, HIPAA, PCI, DISA, PCIv2, or CIS.
• Imports a group of out-of-the-box batch-type Scale Jobs that can be used for compliance analysis on UNIX ^® and Linux platforms, especially in environments with large numbers of servers.
• Installs various out-of-the-box configuration objects (configuration files and extended objects) that support the provided compliance rules.
• Creates a custom property class for each policy type and defines a Default instance for the property class.

Before you begin

• Ensure that your environment complies with all requirements listed in Requirements and supported resources.
• If you are running the installation process for the purpose of upgrading or repairing previously installed component templates, ensure that all existing Compliance Content component templates are closed (that is, not open for editing) in the BMC Server Automation Console.

To install Compliance Content libraries directly

1. Log on as a user with administrator privileges to the computer that hosts the BMC Server Automation Application Server.
   On a UNIX computer, log on as root. If you are not permitted to log on as root, use the su command to run as root after logging on as a non-root user. Alternatively, use the sudo command.

   Notes

   The OS user running the installer must also be granted root privileges through the users.local file on the BMC Server Automation Application Server and needs write access to the Applications Servers and File Server storage location. For example, if you are logged onto the OS and you started the Compliance Content installer as Administrator, you need to have an entry such as the following in the users.local file on the Application Server(s) and File Server targeted by the installer:
Administrator rw,map=Administrator,hosts=<ip of system running content installer>
   Or, if you are running the Compliance Installer as root:
   root rw,map=root,hosts=<ip of system running content installer>

   If the system that you are running the Compliance Content Installer from is configured to use a NSH proxy, you must ensure that the profile name used to authenticate in the Compliance Content Installer is configured in the local secure file as described in Setting up the Network Shell client to run in proxy mode.

2. Download the appropriate content setup file from the BMC Software web site to a temporary directory on the BMC Server Automation Application Server.
   Depending on your operating system, select one of the following files:

   OS	Name before 8.2 SP3	Name since 8.2 SP3
   Windows	Content-Windows-setup.exe	Content82-SP<number>-WIN.exe
   Linux	Content-Linux-setup.bin	Content82-SP<number>-LIN.bin
   Solaris	Content-Solaris-setup.bin	Content82-SP<number>-SOL.bin

3. Navigate to the directory where you saved the content setup file and run the file.

   Note

   On a Windows operating system, you may need to perform certain prerequisite tasks to ensure the proper function of the installation wizard. For more information, see the Troubleshooting topic Installer prerequisites on Windows not met.

4. Click Next on the Welcome page of the installation wizard.
5. Accept the license agreement, and then click Next.

6. Enter BMC Server Automation logon credentials — authentication profile, user account, and password — and then click Next.
   The user account that you specify must have, at minimum, authorizations at the same level as the BLAdmins role.

   Note

   • If you do not want to use any of the available profiles, select Add New Profile from the drop-down list. Then provide the information necessary for creating a new profile — profile name, authentication host, port number, and authentication type — and click Add. For more information, see Setting up an authentication profile.

   Your user credentials are validated.

7. If the user that you specified is assigned to more than one role, you must select a single role to use for the installation. Then click Next.

   Note

   If the role assignment of the selected user account was changed by RBACAdmin since the relevant authentication profile was acquired, you must re-acquire the profile before you can select a role for the user.

8. The name or IP address of the application server associated with the authentication profile that you specified in step 6 is displayed. Click Nextto confirm the loading of content libraries on the specified application server.

   Note

   In a multi-server environment, to load content on multiple BMC Server Automation Application Servers within the same environment (that is, connected to the same BMC Server Automation core database), select the check box that indicates a multi-server environment before you click Next. Then in the next window, enter the names or IP addresses of any additional application servers, one in each row, and click Next.

   To successfully install content in a multi-server environment, the system user running the installer must have Network Shell write access to the application servers. For example, if you are logged onto the OS and you started the Compliance Content installer as Administrator, you need to have an entry such as the following in the users.local file on all of the Application Servers targeted by the installer:
   Administrator rw,map=Administrator

   The connection to the application server (or servers) is validated.

9. Choose between a full setup and a custom setup, and then click Next.
   A full setup installs all available content libraries. A custom setup lets you select the content libraries to install.

10. If you chose a custom setup, select the component templates to install from a hierarchical listing of content libraries and the component templates that they contain, and then click Next.
    
    The installer compares the component templates provided within the Compliance Content libraries that you are installing with any component templates that you may already have installed. The results of this comparison are reflected in the text displayed for each component template in the hierarchical list, with the following possible scenarios and texts:

    Installed template	Displayed text
    not detected	Install templateName libraryVersion
    older version	Upgrade templateName installedVersion to libraryVersion
    same version	Repairing templateName installedVersion with same version
    newer version	Overwriting templateName installedVersion with libraryVersion

11. Click Next to accept the temporary installation directory path, or change the path and then click Next.
    The default directory is C:\Program Files\BMC Software\Content on Windows or /opt/bmc/Content on Linux or UNIX. This directory is used temporarily, and is automatically deleted after installation is complete.

12. Review the summary information, and then click Install.
    Installation begins. A progress bar indicates the percentage of the installation that is complete.

    Note

    An installation log file named content_install_log.txt is created in the following directory:

    • On Linux: /tmp
    • On Solaris UNIX: /var/tmp
    • On Windows: %USER_HOME%\Local Settings\Temp (for example: C:\Documents and Settings\Administrator\Local Settings\Temp )

To perform a silent installation of Compliance Content libraries

1. Log on as a user with administrator privileges to the computer that hosts the BMC Server Automation Application Server.
   On a UNIX computer, log on as root. If you are not permitted to log on as root, use the su command to run as root after logging on as a non-root user. Alternatively, use the sudo command.

   Note

   In a multi-server environment, to load content on multiple BMC Server Automation Application Servers within the same environment (that is, connected to the same BMC Server Automation core database), select the check box that indicates a multi-server environment before you click Next. Then in the next window, enter the names or IP addresses of any additional application servers, one in each row, and click Next.

   To successfully install content in a multi-server environment, the system user running the installer must have Network Shell write access to the application servers. For example, if you are logged onto the OS and you started the Compliance Content installer as root, you need to have an entry such as the following in the users.local file on all of the Application Servers targeted by the installer:
   root rw,map=root

2. Download the appropriate content setup file from the BMC Software web site to a temporary directory on the BMC Server Automation Application Server.
   Depending on your operating system, select one of the following files:
   • For Windows: Content82-SP<number>-WIN.exe
   • For Linux: Content82-SP<number>-LIN.bin
   • For Solaris UNIX: Content82-SP<number>-SOL.bin
3. Create an Options file (for example, OptionsFile.txt ), and ensure that the following lines are included in this text file:
   -P installLocation= installation directory
   -J BLADELOGIC_PROFILES= profileName
   -J BLADELOGIC_PROFILES_TYPES= profileAuthenticationType
   -J USER_PROFILE_NAME= profileName
   -J USER_ACCOUNT_NAME= userAccount
   -J USER_ACCOUNT_PASSWORD= encryptedPassword
   -J USER_ROLE= userRole
   -J CONTENT_APPSERVER_LIST= applicationServerList
   -J INSTALL_policy_TEMPLATES=true (for all templates of a policy)
   -A templateFeatureID (to choose exact templates)
   Where
   • The default path to the CONTENT_HOME installation directory (the value of the -P attribute) is C:\Program Files\BMC Software\Content on Windows or /opt/bmc/content on UNIX. This directory is used temporarily, and is automatically deleted after installation is complete.
   • For a silent installation, you can only specify one existing profile and its authentication type in the BLADELOGIC_PROFILES and BLADELOGIC_PROFILES_TYPES properties. Specify the same profile in the USER_PROFILE_NAME property.
     
     You cannot create a new profile during a silent installation, as is possible during the interactive direct installation. Therefore, ensure that you already have an appropriate profile defined. To ensure that profiles are defined, check for the existence of the authenticationProfiles.xml file within the BMC Server Automation installation directories and review its contents. For more information about setting up an authentication profile, see Setting up an authentication profile.
   • The USER_ROLE property is necessary only if the user that you specified is assigned to more than one role.
   • The password for the BMC Server Automation user account must be encrypted . To generate an encrypted password, invoke the blenc utility through any Network Shell prompt. The blenc utility prompts you for your password and then generates and outputs a corresponding encrypted password.
   • The list of application servers can contain multiple BMC Server Automation Application Server names or IP addresses if you are working in a multi-server environment. Use commas to separate Application Server names.
     
     To successfully install content in a multi-server environment, the system user running the installer must have Network Shell write access to the application servers.

   • For each policy type, you can choose between installing all component templates of the policy using the -J INSTALL_<policy>_TEMPLATES=true line (where the policy can be DISA, HIPAA, PCI, PCIv2, SOX or CIS), or you can choose the exact component templates to install using multiple -A lines.
     
     Template feature IDs specified in -A lines have the naming convention featurePolicyOSTemplate (for example, featureSoxAixTemplate). For the full list of template feature IDs, see Compliance Content component templates.

     Examples

     An Options file with the following lines installs all HIPAA templates, and two individual SOX templates:
     -P installLocation=C:\Program Files\BMC Software\Content
-J BLADELOGIC_PROFILES=defaultProfile
-J BLADELOGIC_PROFILES_TYPES=SRP
-J USER_PROFILE_NAME=defaultProfile
-J USER_ACCOUNT_NAME=BLAdmin
-J USER_ACCOUNT_PASSWORD=facfe8dfd0743920d8d901de05557886
-J CONTENT_APPSERVER_LIST=AUS-LORA-10.bmc.com
-J INSTALL_HIPAA_TEMPLATES=true
-A featureSoxAixTemplate
-A featureSoxLinuxTemplate
     
     An Options file with the following lines performs a full install:
     -P installLocation=<installationDirectory>
-J BLADELOGIC_PROFILES=<profileName>
-J BLADELOGIC_PROFILES_TYPES=<profileAuthenticationType>
-J USER_PROFILE_NAME=<profileName>
-J USER_ACCOUNT_NAME=<userAccount>
-J USER_ACCOUNT_PASSWORD=<encryptedPassword>
-J USER_ROLE=<userRole>
-J CONTENT_APPSERVER_LIST=<applicationServerList>
-J INSTALL_DISA_TEMPLATES=true
-J INSTALL_CIS_TEMPLATES=true
-J INSTALL_HIPAA_TEMPLATES=true
-J INSTALL_PCI_TEMPLATES=true
-J INSTALL_PCIv2_TEMPLATES=true
-J INSTALL_SOX_TEMPLATES=true
     
     An Options file with the following lines performs a custom install that includes only the DISA Linux templates:
     -P installLocation=<installationDirectory>
-J BLADELOGIC_PROFILES=<profileName>
-J BLADELOGIC_PROFILES_TYPES=<profileAuthenticationType>
-J USER_PROFILE_NAME=<profileName>
-J USER_ACCOUNT_NAME=<userAccount>
-J USER_ACCOUNT_PASSWORD=<encryptedPassword>
-J USER_ROLE=<userRole>
-J CONTENT_APPSERVER_LIST=<applicationServerList>
-A featureDisaLinuxTemplate

4. Run the silent installation using the following command:
   full path to Setup file -i silent -DOPTIONS_FILE= full path to Options file

   Note

   An installation log file named content_install_log.txt is created in the following directory:

   • On Linux: /tmp
   • On Solaris UNIX: /var/tmp
   • On Windows: %USER_HOME%\Local Settings\Temp (for example: C:\Documents and Settings\Administrator\Local Settings\Temp )

Where to go from here

If you encounter problems during the installation process, check the installation log for messages and consult Troubleshooting the installation of Compliance Content add-ons for further troubleshooting information.

After you complete the installation process, proceed with the necessary configuration tasks, as described in Configuring Compliance Content add-ons.