Walkthrough: Loading compliance content
This topic walks you through the process of loading compliance content. It includes the following sections:
The video at right demonstrates the process of installing compliance content.
This topic is intended for system administrators who are in charge of enforcing regulatory compliance in the data center.
The goal of this topic is to demonstrate how to install out-of-the-box Compliance Content libraries into BMC Server Automation (BSA), so that you can use the component templates in these libraries as the basis for analyzing regulatory compliance in your data center.
What is compliance content?
BMC Server Automation Compliance Content libraries contain rule sets to automatically analyze the compliance of servers with regulatory standards and best-practice policies, including HIPAA, DISA STIG, SOX, PCI, and CIS. Results from analyses performed based on Compliance Content component templates can be used both to document the current situation (that is, to generate compliance reports) and as a basis for bringing non-compliant servers into full compliance with the standard (that is, to perform compliance remediation).
For more information, see Overview of Compliance Content add-ons.
What do I need to do before I get started?
- This example assumes that you have already performed the following tasks in your BSA environment:
- Restarted the RSCD Agent on the BSA file server since the BSA Application Server was installed.
- Verified that the requirements for installing compliance content are met on the Application Server.
- Downloaded BSA installation files from the BMC Software Electronic Product Distribution (EPD) website, extracted the downloaded packages, and located the Compliance Content installation executable file (with a name such as Content86-WIN, depending on the exact version number and operating system).
- Excluded the Compliance Content installation executable file from Windows Data Execution Prevention (DEP), as described in the "Before you begin" section in Installing components on Microsoft Windows.
- For this walkthrough, we have logged on as BLAdmin, the default superuser for BSA. Note that in live deployments, BMC recommends that you grant access based on roles with a narrower set of permissions. Ensure that the role that you use has permission to write to the Component Templates and Depot folders and to create properties in component templates and depot files.
How to load compliance content
This section walks you through the process of installing and loading compliance content into the BSA Application Server on a Microsoft Windows or Linux computer:
In the temporary folder where you stored the BMC Server Automation installers that you downloaded from the EPD site, locate the Compliance Content installation executable file. This file has a name (for example, Content86-WIN for Microsoft Windows or Content86-LIN for Linux), depending on the exact version number and operating system.
Run the Compliance Content installation executable file to launch the Compliance Content installation wizard.
|Click Next on the Welcome page.|
|Select I agree to the terms of the license agreement, and then click Next.|
|4||Choose a profile and specify a BMC Server Automation user and password for loading the compliance content, and then click Next.|
Accept the detected Application Server host name where compliance content will be loaded, and then click Next.
Click here if you are installing content in a multi-Application Server environment.
In a multi-server environment, to load content on multiple Application Servers within the same environment (connected to the same BMC Server Automation core database), select the check box that indicates a multi-server environment before you click Next. Then in the next window, enter the names or IP addresses of any additional application servers, one in each row, and click Next.
To successfully install content in a multi-server environment, the system user running the installer must have Network Shell write access to the application servers. For example, if you are logged onto the OS and you started the Compliance Content installer as Administrator, you need to have an entry such as the following in the users.local file on all of the Application Servers targeted by the installer:
|6||To view the variety of component templates that are installed by the Compliance Content installer or to select which ones to install, choose a Custom installation, and then click Next.|
|7||From the tree display select the policies and operating systems for which you want component templates for the analysis of regulatory compliance, and then click Next.|
Accept the default location for the temporary directory where compliance content will be extracted or specify a different location, and then click Next.
The default directory is C:\Program Files\BMC Software\Content on Windows or /opt/bmc/Content on Linux or UNIX.
|9||On the Preview page click Install.|
After installation has completed (this might take some time, depending on how many component templates you selected to install), you can optionally click View Log to open the installation log.
To exit the installation wizard, click Done.
Click here to view the location of the installation log file.
An installation log file named content_install_log.txt is created in the following directory:
|11||To verify that the Compliance Content libraries have loaded successfully, open the Component Templates folder in the BMC Server Automation console and browse through the newly created subfolders of component templates for the various policies.|
For more detailed installation instructions (including silent installation), see Installing and configuring Compliance Content add-ons.
Wrapping it up
Congratulations! You have successfully loaded compliance content libraries. The component templates provided in these libraries are ready for use in policy-based compliance analyses, as described in Walkthrough: Compliance audit based on a policy.
Where to go from here
For an example of a policy-based compliance audit, see Walkthrough: Compliance audit based on a policy.