Walkthrough: Creating remediation objects for a compliance template
This topic walks you through the process of using BMC BladeLogic Server Automation (BSA) to create a remediation object that can be deployed to servers that fail a Compliance Job. Deploying the remediation object can make the failed server compliant. This topic includes the following sections:
This topic is intended for system administrators and compliance officers who are responsible for ensuring that server configurations adhere to industry and organizational standards.
The goal of this topic is to demonstrate how to create a remediation object that can be attached to a component template. When a target server fails a Compliance Job based on that component template, the remediation object can be deployed to the target to make the server compliant.
This walkthrough continues the process of creating a compliance template, described in a separate walkthrough on creating compliance rules.
What does this walkthrough show?
This walkthrough shows how to create a remediation object, which in this case is a simple BLPackage that consists of two security settings related to password handling. The BLPackage is associated with a component template. The template can be used as the basis of a Compliance Job that tests whether components on servers satisfy the two password rules. (For a description of how execute a Compliance Job, see Walkthrough: Compliance audit based on a policy.) If a target of the Compliance Job fails the compliance tests, you an deploy the remediation object so the target is made compliant.
What do I need to do before I get started?
You must create a component template that includes compliance rules, as described in Walkthrough: Creating a compliance template.
For this walkthrough, we have logged on as BLAdmin, the default superuser for BSA. In live deployments, BMC recommends that you grant access based on roles with a narrower set of permissions
How to create a remediation objects for a compliance template
Using the Depot folder in BSA, navigate to a location where you want to create a BLPackage. Right-click and select New > BLPackage. A wizard opens that guides you through the process of creating a BLPackage.
On the General panel of the wizard, enter a name for the BLPackage. Under Create Package from, make sure that Live server objects is selected. Then click Next.
On the Select Server Objects panel, take the following steps:
Selecting server objects
Selected objects listed in the wizard
In the Depot folder, navigate to the BLPackage you just created, right-click it, and select Open. The BLPackage opens for editing. It consists of two security settings.
Edit the first setting.
Edit the next setting.
Close the BLPackage and open a component template.
Provide remediation information for each rule.
Contents of the rule group
Remediation for a compliance rule
Wrapping it up
Congratulations. You have created a remediation object that can be attached to component template. When that template is used in a Compliance Job and the job detects targets that are not compliant, you can deploy the remediation object to change the target's configuration so it becomes compliant.
Where to go from here
See Walkthrough: Compliance audit based on a policy for a description of how to use a component template to run a Compliance Job.
The BSA documentation provides detailed instructions on setting up compliance rules in a compliance template.