Customizing and running Scale Jobs for large numbers of servers

A group of out-of-the-box jobs stored in the Jobs folder, in a folder named Compliance Content Scale Jobs, can help you simplify the process of compliance analysis on UNIX and Linux servers when you have many target servers.

Compliance Content Scale Jobs are divided (in a series of sub-folders under the Compliance Content Scale Job folder) by type of policy (CIS, DISA, HIPAA, PCI, or SOX) and platform (that is, the version of the operating system on the target server).

Large-scale compliance analysis involves several jobs, as described in Choosing between a regular Compliance Job and a Batch Job. Each of the sub-folders contains the following jobs:

JobDescription
Scale Job

A Batch Job that runs an NSH Script Job and a Compliance Job (described in the next two rows).

NSH Script Job

Runs an NSH Script that prepares required caches asynchronously for all targets included in the Compliance Job. The associated NSH script is stored in the depot.

Compliance Job

Runs compliance analysis based on the relevant Compliance Content component template after the caches have been prepared.

 Click here for the full list of scale jobs for all supported policies and platforms.

The following table lists the available batch-type Scale Jobs and provides details about the NSH Script Job and Compliance Job contained in each Scale Job, as well as the name of the associated component template.

Tip

To fit the full table on the page, press f to view the page in full-screen mode. Press f again to return to the regular view.

Template nameName of Scale JobNSH Script Job nameNSH script nameCompliance Job name
CIS
CIS - SUSE Linux Enterprise Server 10CisSuse10ScaleJobBMCCacheCreatorCisSuse10findFilesCisSuse10ComplianceJob
CIS - Red Hat Enterprise Linux 7CisRhel7ScaleJobBMCCacheCreatorCisRhel7EO-RHEL7_findFiles_and_confCisRhel7ComplianceJob
CIS - RedHat Enterprise Linux 6

CisRhel6ScaleJob

BMCCacheCreatorCisRhel6EO-RHEL6_findFiles_and_confCisRhel6ComplianceJob
CIS - RedHat Enterprise Linux 5CisRhel5ScaleJobBMCCacheCreatorCisRhel5EO-RHEL5_findFiles_and_confCisRhel5ComplianceJob
CIS - Oracle Solaris 11.1CisSolaris11_1ScaleJobBMCCacheCreatorCisSolaris11_1EO-SOLARIS11_findFiles_and_confCisSolaris11_1ComplianceJob
CIS - AIX 7.1CisAix71ScaleJobBMCCacheCreatorCisAix71findFilesCisAix71ComplianceJob
CIS - AIX 5.3 and 6.1CisAix61ScaleJobBMCCacheCreatorCisAix61findFilesCisAix61ComplianceJob
DISA
DISA - Red Hat Enterprise Linux 6DisaRedhat6ScaleJobBMCCacheCreatorDisaRedhat6EO-RHEL6_findFiles_and_confDisaRedhat6ComplianceJob
DISA - Red Hat Enterprise Linux 5DisaRedhat5ScaleJobBMCCacheCreatorDisaRedhat5EO-RHEL5_findFiles_and_confDisaRedhat5ComplianceJob
DISA - Solaris 11 X86DisaSolaris11x86ScaleJobBMCCacheCreatorDisaSolaris11x86EO-SOLARIS11X86_findFiles_and_confDisaSolaris11x86ComplianceJob
DISA - Solaris 11 SPARCDisaSolaris11SparcScaleJobBMCCacheCreatorDisaSolaris11SparcEO-SOLARIS11SPARC_findFiles_and_confDisaSolaris11SparcComplianceJob
DISA - Solaris 10 X86DisaSolaris10x86ScaleJobBMCCacheCreatorDisaSolaris10x86EO-SOLARIS10X86_findFiles_and_confDisaSolaris10x86ComplianceJob
DISA - Solaris 10 SPARCDisaSolaris10SparcScaleJobBMCCacheCreatorDisaSolaris10SparcEO-SOLARIS10SPARC_findFiles_and_confDisaSolaris10SparcComplianceJob
DISA - AIX 6.1DisaAix61ScaleJobBMCCacheCreatorDisaAix61EO-AIX61_findFiles_and_confDisaAix61ComplianceJob
DISA - HP-UX 11.31DisaHpux1131ScaleJobBMCCacheCreatorDisaHpux1131

EO-HPUX1131_findFiles_and_conf

DisaHpux1131ComplianceJob
DISA - HP-UX 11.23DisaHpux1123ScaleJobBMCCacheCreatorDisaHpux1123EO-HPUX1123_findFiles_and_confDisaHpux1123ComplianceJob
HIPAA
HIPAA - Red Hat Enterprise Linux 7HipaaRhel7ScaleJobBMCCacheCreatorHipaaRhel7findFilesHipaaRhel7ComplianceJob
HIPAA - Red Hat Enterprise Linux 6HipaaRhel6ScaleJobBMCCacheCreatorHipaaRhel6findFilesHipaaRhel6ComplianceJob
HIPAA - Red Hat Enterprise Linux 5HipaaRhel5ScaleJobBMCCacheCreatorHipaaRhel5findFilesHipaaRhel5ComplianceJob
HIPAA - AIXHipaaAixScaleJobBMCCacheCreatorHipaaAixfindFilesHipaaAixComplianceJob
PCIv3, PCIv2, and PCI
PCI Data Security Standard v3 - Red Hat Enterprise Linux 7Pciv3Rhel7ScaleJobBMCCacheCreatorPciv3Rhel7EO-RHEL7_findFiles_and_confPciv3Rhel7ComplianceJob
PCI Data Security Standard v3 - Red Hat Enterprise Linux 6Pciv3Rhel6ScaleJobBMCCacheCreatorPciv3Rhel6EO-RHEL6_findFiles_and_confPciv3Rhel6ComplianceJob
PCI Data Security Standard v2 - Red Hat Enterprise Linux 5Pciv2Rhel5ScaleJobBMCCacheCreatorPciv2Rhel5findFilesPciv2Rhel5ComplianceJob
PCI Data Security Standard v3 - SUSE Linux Enterprise Server 11Pciv3Suse11ScaleJobBMCCacheCreatorPciv3Suse11findFilesPciv3Suse11ComplianceJob
PCI Data Security Standard v3 - SUSE Linux Enterprise Server 10Pciv3Suse10ScaleJobBMCCacheCreatorPciv3Suse10findFilesPciv3Suse10ComplianceJob
PCI Data Security Standard v3 - AIX 7.1Pciv3Aix71ScaleJobBMCCacheCreatorPciv3Aix71findFilesPciv3Aix71ComplianceJob
PCI Data Security Standard v3 - AIX 5.3 and 6.1Pciv3Aix53and61ScaleJobBMCCacheCreatorPciv3Aix53and61findFilesPciv3Aix53and61ComplianceJob
PCI - Solaris10PciSolaris10ScaleJobBMCCacheCreatorPcibmc-findFilesPciSolaris10ComplianceJob
PCI - Solaris89PciSolaris89ScaleJobBMCCacheCreatorPcibmc-findFilesPciSolarisComplianceJob
PCI - HPUXPciHpuxScaleJobBMCCacheCreatorPcibmc-findFilesPciHpuxComplianceJob
SOX
SOX - AIXSoxAixScaleJobBMCCacheCreatorSoxbmc-findFilesSoxAixComplianceJob
SOX - HPUXSoxHpuxScaleJobBMCCacheCreatorSoxbmc-findFilesSoxHpuxComplianceJob
SOX - LinuxSoxLinuxScaleJobBMCCacheCreatorSoxbmc-findFilesSoxLinuxComplianceJob
SOX - Solaris 10SoxSolaris10ScaleJobBMCCacheCreatorSoxbmc-findFilesSoxSolaris10ComplianceJob
SOX - SolarisSoxSolarisScaleJobBMCCacheCreatorSoxbmc-findFilesSoxSolarisComplianceJob
SOX - SuSESoxSuseScaleJobBMCCacheCreatorSoxbmc-findFilesSoxSuseComplianceJob

To execute large-scale compliance analysis on Linux or UNIX

  1. Under the Jobs folder, navigate to the relevant sub-folder under the Compliance Content Scale Job folder (for the appropriate policy and Linux/UNIX platform).
  2. In this folder, right click the Scale Job, and select Open.
  3. On the Batch Job Options panel, under Server/Server Groups, ensure that Use the following servers for all jobs is selected, and specify the target servers where you want to analyze compliance.
    Target servers must match the operating system of the component template (also indicated within job names).

  4. Continue with scheduling the Batch Job as described in Creating and modifying Batch Jobs.
    The job is stored in the Jobs folder, in the subfolder that you specified for the job.

  5. If you want to change any of the following parameters of the NSH Script Job, which is executed by the Scale Job, you can change them in the appropriate script file in Depot/scale scripts Group through the NSH Script Editor. Your changes affect all jobs that call this script.

    Parameters in NSH Script Jobs for SOX and PCI

    Parameter

    Description

    CACHE_HRS

    The frequency (in hours) of cache refresh. The default is 24 hours.

    FORCEFIND

    To force an immediate cache refresh whenever the Compliance Job runs (overriding the CACHE_HRS parameter), change from the default value of n (no) to y (yes).

    SCAN_FOLDER

    Directory paths to be included in searches (excluding all others). Separate multiple directories with commas. This parameter takes precedence over the USER_DIRs parameter.

    USER_DIRs

    Directory paths to be excluded from searches. Separate multiple directories with commas.

    MAX_DISK_PERCENTAGE

    Maximum disk percentage allowed during cache preparation before the process is stopped and an error is issued. By default, the value for this parameter is 80.

    OS

    The operating system of the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.OS??).

    STAGE_DIR

    The path to the staging directory on the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.STAGING_DIR??).

    TARGET_RSCD_DIR

    The path to the RSCD Agent installation directory on the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.RSCD_DIR??).

    Parameters in NSH Script Jobs for CIS, DISA, HIPAA, PCIv2 and PCIv3

    Parameter

    Description

    CACHE_HRS_VALUE

    The frequency (in hours) of cache refresh. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.CACHE_HRS??).

    FIND_FILES_TIMEOUT_VALUE

    The timeout (in minutes) of find files. The default is 0 (no timeout).

    EXCLUDED_DIR_VALUE

    Directory paths to be excluded from searches. Separate multiple directories with commas. By default, the value for this parameter is derived from a property in the target's Server property class (this is, ??TARGET.EXCLUDED_DIR??).

    FORCEFIND_VALUE

    To force an immediate cache refresh whenever the Compliance Job runs (overriding the CACHE_HRS_VALUE parameter)

    MAX_DISK_PERCENTAGE_VALUE

    Maximum disk percentage allowed during cache preparation before the process is stopped and an error is issued. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.MAX_DISK_PERCENTAGE??).

    RSCD_DIRECTORY_VALUE

    The RSCD directory to be excluded from the global search for non-compliant files. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.RSCD_DIR??).

    SCAN_DIRECTORY_VALUE

    The directory to use as the starting directory for the global search for non-compliant files. The default value for this parameter is the root directory (denoted by a single slash character, /).

    EXCLUDE_HOME_DIR_USER_LIST_VALUE

    Unix system user accounts where home should not be scanned. Default values are:

    • ??TARGET.CIS Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST??
    • ??TARGET.DISA Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST??
    • ??TARGET.PCI Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST??

Was this page helpful? Yes No Submitting... Thank you

Comments