Example procedure for creating a Compliance Job
Use the following procedure to create a Compliance Job in the BMC Server Automation Console.
Before you begin, ensure that you have already run a Component Discovery Job to discover components based on the relevant component templates.
- From the Folders view in the console, navigate to the folder in which you want to store the new job (for example, Jobs > yourRole > Workspace).
- Right-click the folder and select New > Compliance Job.
The New Compliance Job wizard appears.
- On the General panel of the wizard, complete each field. Click Next.
- Assign a meaningful name to the job (such as CIS Compliance).
- In the Description field, optionally enter a description of the job function.
- Choose where to save the job (by default, the folder from where you created the job).
- Select the Number of Targets to Process in Parallel.
- To set the Job to continue despite compliance and data collection errors, under Options, click the check box.
- On the Component Templates for Filtering panel, navigate to and select the component template against which you want to analyze servers. Then use the arrow button to move your selection to the list of selected templates. Click Next.
For the template to appear on this panel, Compliance operations must be enabled for the template. If the template does not appear, open the template and select the Compliance check box on the General tab. For remediation settings to be enabled (in a subsequent step), select also the Allow Remediation and (optionally) the Allow Auto-Remediation check boxes.
- On the Components panel, use the arrows to select components to be analyzed. You can select a server or server group to include all components that are discovered on the server or servers. Click Next.In the following sample figure, the Available Servers smart group is selected.
- On the Auto-Remediation panel, indicate your Auto-Remediation settings, and click Next.
- To set automatic remediation to begin after the job runs, select Remediate after compliance analysis completes.
- In the Remediation name field, enter a name for the remediation package.
- In the Save package in field, select a folder in which to save the remediation package (provided that you already associated a remediation package with the relevant rule, within rule definitions).
- In the Save remediation/deploy job in field, select a folder in which to save the Deploy Job for the remediation package.
- To set the remediation package to include duplicate property names for individual compliance rules that have failed, select the Keep each local property name unique in remediation package check box. If selected, each property name is indexed so that all references to a particular property are retained, and the default value for each property is also retained. If you clear this option, property names are left untouched, but the default value assigned to the property becomes the value of the property for the first failed compliance rule that is merged into the remediation package.
- To deploy remediation packages to servers rather than deploying them to the target components of a Compliance Job, select the Use servers as remediation target check box. If you clear this check box, the target components from the Compliance Job are used as the targets for the remediation job.
- On the Default Notifications panel, indicate your Job Run Notifications settings and Compliance Results Notifications settings. Click Next.
- On the Schedules panel, indicate whether or not you want to execute the job immediately. In addition, to schedule job runs for a future time, click the green + (plus) icon to open the scheduler.
- On the Scheduled Job Notifications tab, you can configure special notification settings for individual schedules (instead of the general job notifications that you set in the previous step).
- Click Next to step through the remaining panels (Properties and Permissions). Click Finish.