Using Compliance analysis to check file permissions

This topic was edited by a BMC Contributor and has not been approved.

In this example scenario, we will create a Compliance Job that will list permissions for multiple files in Linux.

The following objects will be created in this scenario:

  • File permissions will be listed for files under the /etc folder.
  • Component Template Folder = /CTF
  • Component Template = /CTF/ct1
  • Job Group = /JobG
  • Discovery Job = /JobG/ct1-d
  • Compliance Job = /JobG/ct1-c
  • Target Server = 10.98.241.23 (Linux Machine)

The process involves the following tasks:

Creating a component template with a compliance rule

  1. Right-click a folder under Component Templates, and select New > Component Template.
    In this example, a component template folder named CTF is used.

  2. On the General (Step 1) page of the Create New Component Template wizard, enter the following information:
    • In the Name field, type a name for the component template (ct1).
    • In Save in, accept the default location to save the template — within the CTF folder.
    • Under Allowed Operations, ensure that the Compliance option is selected.
  3. Click Next to move on to the Parts (Step 2) page.
  4. To add a part, perform the following steps:
    1. Click the green + icon (Add).
    2. In the Add Parts dialog box, expand a Linux Machine, and then expand File System and /.
    3. Select etc and click > to add it as a selected part.
    4. Click OK.

  5. Click Next on the Parts page, and click Next again on the Properties page.
  6. On the Permissions page, click Finish.
  7. Right-click the newly created ct1 template, and select Open.
  8. In the component template editor, click the Compliance tab.
  9. To define a compliance rule on the Compliance tab, perform the following steps:
    1. Click Add New Compliance Rule.
    2. On the General tab, enter a Name and Description for the rule.
    3. On the Rule Definition tab, click the green + icon (New Condition).
    4. In the left-hand side (LHS) operand, expand Configuration Object Type, and select File > Permissions (Unix) (Unix). Then manually type the directory location where you want to list file permissions. In this example, we want to list permissions of all files available in /etc, so we type etc/* after File:/ (as shown in the next figure).
    5. Select equals as the operator and enter a permission value of 0000. Because files are not expected to have mode 0000, every file fails the condition (unmatched), and the results list the permissions of all files.
    6. Click the green check mark icon (Apply Condition Value).
    7. Save and close your new compliance rule.
  10. Save and close the ct1 component template.

Creating a Discovery Job

  1. Right-click the ct1 component template, and select Discover.
  2. On the General (Step 1) page of the New Component Discovery Job wizard, enter a name for the job (ct1-d) and specify a location in which to save the job (in this example, the JobG folder). Then click Next.
  3. On the Component Templates (Step 2) page, ensure that the ct1 template is selected, and click Next.
  4. On the Targets (Step 3) page, select the target server (the Linux computer where the files that you want to check for permissions are located), and then click Next.
  5. On the Default Notifications (Step 4) page, click Next.
  6. On the Schedules (Step 5) page, select Execute Job Now, and then click Next.
  7. On the Properties (Step 6) page, click Next.
  8. On the Permissions (Step 7) page, click Finish.
  9. To view the results of the Discovery Job, right-click the job and select Show Results.

Creating a Compliance Job

  1. Right-click the ct1 component template and select Compliance.
  2. On the General (Step 1) page of the New Compliance Job wizard, enter a name for the job (ct1-c) and specify a location in which to save the job (in this example, the JobG folder). Then click Next.
  3. On the Component Templates (Step 2) page, ensure that the ct1 template is selected, and click Next.
  4. On the Components (Step 3) page, select the target server (the Linux computer where the files that you want to check for permissions are located), and then click Next.
  5. Click Next on the Auto-Remediation (Step 4) page and Next again on the Default Notifications (Step 5) page.
  6. On the Schedules (Step 6) page, select Execute Job Now, and then click Next.
  7. Click Next on the Properties (Step 7) page and Finish on the Permissions (Step 8) page.
    The Compliance Job executes. The following figure shows the job while it is executing.

Showing Compliance Job results

Right-click the ct1-c Compliance Job and select Show Results.

Compliance results are displayed, listing file permissions.
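
To cross-check what the Compliance Job reports, the rule's comparison can be emulated directly on the target server. The following script is an added example, not BMC code; it assumes GNU stat, checks only regular files directly under the directory, uses hypothetical function names, and runs against a constructed sample directory in place of /etc.

```shell
#!/bin/sh
# Added example (not BMC code): local emulation of the rule
#   File:/<dir>/*  Permissions (Unix)  equals  <mode>
# Assumptions: GNU stat (Linux target), direct children only, regular
# files only, symlinks and dotfiles skipped.

# Normalise an octal mode to four digits (644 -> 0644, 4755 -> 4755).
norm_mode() { printf '%04o' "0$1"; }

# Print "<mode> <path>" for every file whose mode differs from $2.
# Returns 0 if all files match, 1 if any file is unmatched.
list_unmatched() {
    dir=$1
    expected=$(norm_mode "$2")
    rc=0
    for f in "$dir"/*; do
        [ -L "$f" ] && continue          # a symlink's own mode is meaningless
        [ -f "$f" ] || continue          # skip directories, devices, sockets
        actual=$(norm_mode "$(stat -c '%a' "$f")")
        if [ "$actual" != "$expected" ]; then
            printf '%s %s\n' "$actual" "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree standing in for /etc on the target server.
make_sample() {
    d=$(mktemp -d)
    : > "$d/hosts";   chmod 0644 "$d/hosts"
    : > "$d/shadow";  chmod 0600 "$d/shadow"
    : > "$d/locked";  chmod 0000 "$d/locked"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "expected 0000 (listing rule from this example):"
list_unmatched "$sample" 0000 || true    # 'locked' matches, so it is not listed
echo "expected 0644 (a real baseline):"
list_unmatched "$sample" 0644 || true    # only the deviations are listed
rm -rf "$sample"
```

In this emulation, a file whose mode really is 0000 satisfies the equals condition and therefore does not appear in the 0000 listing. Replacing 0000 with the mode you actually require turns the same comparison into a report of deviations only.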
