• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    Server Automation Documentation

    Page tree

    During the installation of Compliance Content libraries, groups of out-of-the-box component templates are saved in BMC Server Automation. These templates contain compliance rules for regulatory standards and best practice policies (HIPAA, PCI, SOX, DISA, and CIS), and were designed specifically for analyzing compliance with these policies.

    For a full list of Compliance Content component templates, see Overview of Compliance Content add-ons.

    This topic contains the following sections related to modifying the out-of-the-box Compliance Content component template:


    Considerations for modifying Compliance Content component templates

    If necessary, you can modify and refine the Compliance Content component templates to suit your unique needs. For procedures for editing and modifying component templates, see Editing a component template.

    When editing these templates, note their special characteristics:

    • On the General tab of all Compliance Content component templates, only the Discover and Compliance operations are allowed. Remediation of compliance results is also allowed, but not auto-remediation.
    • On the Discover tab, the signature is designed to discover components that run a specific operating system and sometimes a specific OS version.
    • Multiple compliance rules are grouped together in rule groups on the Compliance tab. Reference numbers for these rule groups and rules follow a decimal (or scientific) numbering system, to enable easy navigation of the rules. You can open any rule to view its description on the General tab in the Rule Editor. Some rules include remediation options on the Remediation tab in the Rule Editor. The rule itself appears on the Rule Definition tab in the Rule Editor, and should be modified only by expert users who are highly proficient in both the regulatory standard or policy and in the task of defining compliance rules.

      For full instructions on defining or modifying compliance rules, see Adding or editing a compliance rule.

    Limitations in the export and import of Compliance Content

    After you edit the component templates and tailor them to your needs, you might want to export them from one BMC Server Automation system and import them to multiple other BMC Server Automation systems. For information about exporting and importing BMC Server Automation objects, see Import and export concepts.

    To successfully use the imported component templates, note the following limitations in the export and import of Compliance Content:

    • The batch-type Scale Jobs provided by BMC Server Automation Compliance Content are not exported and imported along with the component templates. You must export and import them separately.
    • The following directories, which contain NSH scripts used by the compliance rules, must be copied manually to the target BMC Server Automation systems:
      • appserverInstallDirectory/share/sensors on the Application Server
      • appserverInstallDirectory/storage/extended_objects on the file server

    Uncommenting duplicate rules for rule-group remediation

    Within the SOX component templates, certain rules are duplicated and appear in two different rule groups. This duplication enables you to remediate components that failed a SOX Compliance Job for a single rule group rather than for all compliance rules in the component template.

    However, since remediation at the template level is expected to be more common than remediation at rule group level, the component template is delivered out-of-the-box with all such duplicate rules commented out, so that remediation at template level is performed only once (for the first occurrence of the rule).

    If you plan to remediate failed SOX components for a single rule group, you must uncomment the duplicate rules within the rule group before you run the SOX Compliance Job (as described below). 

    Note

    In addition to the rules listed in the following table, which are duplicated across rule groups, several rules are duplicated within the same rule group. In the case of rules duplicated within the same group, the later appearance of the rule (that is, the rule with the higher reference number) is not commented out. Instead, remediation is turned on only for the first occurrence of the rule, while turned off for any duplicate occurrence of the rule within the group. The following rules are duplicated within the same rule group:

    • In the SOX - AIX component template: DS 9.1.2.1 as DS 9.1.5.12 and DS 9.1.5.13
    • In the SOX - Windows Server 2003 component template:
      • DS 5.5.1.1 as DS 5.5.3
      • DS 5.5.1.4 as DS 5.5.2
      • DS 5.5.1.8, DS 5.5.1.10, and DS 5.5.1.12 in DS 5.5.6

    Rule group of duplicate ruleCommented-out duplicate ruleFirst appearance of the rule
    SOX - AIX component template  
    DS 9.1.3DS 9.1.3.1DS 5.5.1.1
    DS 9.1.3DS 9.1.3.2DS 5.5.1.2
    DS 9.1.3DS 9.1.3.3DS 5.5.1.3
    DS 9.1.3DS 9.1.3.4DS 5.5.1.4
    SOX - HPUX component template  
    DS 9.1.3DS 9.1.2.4DS 5.5.6.29
    DS 9.1.3DS 9.1.3.2DS 5.5.1.2
    DS 9.1.3DS 9.1.3.3DS 5.5.1.3
    DS 9.1.3DS 9.1.3.4DS 5.5.1.4
    DS 9.1.5DS 9.1.5.14DS 5.7.1.2
    DS 9.1.5DS 9.1.5.15DS 5.7.1.3
    DS 9.1.5DS 9.1.5.16DS 5.7.1.4
    DS 9.1.5DS 9.1.5.17DS 5.7.1.5
    SOX - RedHat Linux component template  
    DS 9.1.3DS 9.1.3.1DS 5.5.1.1
    DS 9.1.3DS 9.1.3.2DS 5.5.1.2
    DS 9.1.3DS 9.1.3.3DS 5.5.1.3
    DS 9.1.3DS 9.1.3.4DS 5.5.1.4
    DS 9.1.5DS 9.1.5.14DS 5.7.1.2
    DS 9.1.5DS 9.1.5.15DS 5.7.1.3
    DS 9.1.5DS 9.1.5.16DS 5.7.1.4
    DS 9.1.5DS 9.1.5.17DS 5.7.1.5
    SOX - Solaris 8-9 component template  
    DS 9.1.3DS 9.1.3.2.1DS 5.5.1.2.1
    DS 9.1.3DS 9.1.3.2.2DS 5.5.1.2.2
    DS 9.1.3DS 9.1.3.2.3DS 5.5.1.2.3
    DS 9.1.3DS 9.1.3.2.4DS 5.5.1.2.4
    DS 9.1.3DS 9.1.3.2.5DS 5.5.1.2.5
    DS 9.1.3DS 9.1.3.2.6DS 5.5.1.2.6
    DS 9.1.3DS 9.1.3.2.7DS 5.5.1.2.7
    DS 9.1.3DS 9.1.3.3DS 5.5.1.3
    DS 9.1.3DS 9.1.3.4DS 5.5.1.4
    DS 9.1.3DS 9.1.3.5DS 5.5.1.5
    DS 9.1.3DS 9.1.3.6DS 5.5.1.6
    DS 9.1.5DS 9.1.5.1DS 5.7.1.1
    DS 9.1.5DS 9.1.5.2DS 5.7.1.2
    DS 9.1.5DS 9.1.5.3DS 5.7.1.3
    DS 9.1.5DS 9.1.5.4DS 5.7.1.4
    DS 9.1.5DS 9.1.5.5DS 5.7.1.5
    DS 9.1.5DS 9.1.5.6DS 5.7.1.6
    DS 9.1.5DS 9.1.5.7DS 5.7.1.7
    DS 9.1.5DS 9.1.5.8DS 5.7.1.8
    DS 9.1.5DS 9.1.5.9DS 5.7.1.9
    DS 9.1.5DS 9.1.5.10DS 5.7.1.10
    DS 9.1.5DS 9.1.5.11DS 5.7.1.11
    DS 9.1.5DS 9.1.5.12DS 5.7.1.12
    DS 9.1.5DS 9.1.5.13DS 5.7.1.13
    DS 9.1.5DS 9.1.5.14DS 5.7.1.14
    DS 9.1.5DS 9.1.5.15DS 5.7.1.15
    DS 9.1.5DS 9.1.5.16DS 5.7.1.16
    DS 9.1.5DS 9.1.5.17DS 5.7.1.17
    DS 9.1.5DS 9.1.5.18DS 5.7.1.18
    DS 9.1.5DS 9.1.5.19DS 5.7.1.19
    DS 9.1.5DS 9.1.5.20DS 5.7.1.20
    DS 9.1.5DS 9.1.5.21DS 5.7.1.21
    DS 9.1.5DS 9.1.5.22DS 5.7.1.22
    DS 9.1.5DS 9.1.5.23DS 5.7.1.23
    DS 9.1.5DS 9.1.5.24DS 5.7.1.24
    DS 9.1.5DS 9.1.5.25DS 5.7.1.25
    DS 9.1.5DS 9.1.5.26DS 5.7.1.26
    SOX - Solaris 10 component template  
    DS 9.1.3DS 9.1.3.2.1DS 5.5.1.2.1
    DS 9.1.3DS 9.1.3.2.2DS 5.5.1.2.2
    DS 9.1.3DS 9.1.3.2.3DS 5.5.1.2.3
    DS 9.1.3DS 9.1.3.2.4DS 5.5.1.2.4
    DS 9.1.3DS 9.1.3.2.5DS 5.5.1.2.5
    DS 9.1.3DS 9.1.3.2.6DS 5.5.1.2.6
    DS 9.1.3DS 9.1.3.2.7DS 5.5.1.2.7
    DS 9.1.3DS 9.1.3.3DS 5.5.1.3
    DS 9.1.3DS 9.1.3.4DS 5.5.1.4
    DS 9.1.5DS 9.1.5.1DS 5.7.1.1
    DS 9.1.5DS 9.1.5.2DS 5.7.1.2
    DS 9.1.5DS 9.1.5.3DS 5.7.1.3
    DS 9.1.5DS 9.1.5.4DS 5.7.1.4
    DS 9.1.5DS 9.1.5.5DS 5.7.1.5
    DS 9.1.5DS 9.1.5.6DS 5.7.1.6
    DS 9.1.5DS 9.1.5.7DS 5.7.1.7
    DS 9.1.5DS 9.1.5.8DS 5.7.1.8
    DS 9.1.5DS 9.1.5.9DS 5.7.1.9
    DS 9.1.5DS 9.1.5.10DS 5.7.1.10
    DS 9.1.5DS 9.1.5.11DS 5.7.1.11
    DS 9.1.5DS 9.1.5.12DS 5.7.1.12
    DS 9.1.5DS 9.1.5.13DS 5.7.1.13
    DS 9.1.5DS 9.1.5.14DS 5.7.1.14
    DS 9.1.5DS 9.1.5.15DS 5.7.1.15
    DS 9.1.5DS 9.1.5.16DS 5.7.1.16
    DS 9.1.5DS 9.1.5.17DS 5.7.1.17
    DS 9.1.5DS 9.1.5.18DS 5.7.1.18
    DS 9.1.5DS 9.1.5.19DS 5.7.1.19
    DS 9.1.5DS 9.1.5.20DS 5.7.1.20
    DS 9.1.5DS 9.1.5.21DS 5.7.1.21
    DS 9.1.5DS 9.1.5.22DS 5.7.1.22
    DS 9.1.5DS 9.1.5.23DS 5.7.1.23
    DS 9.1.5DS 9.1.5.24DS 5.7.1.24
    DS 9.1.5DS 9.1.5.25DS 5.7.1.25
    DS 9.1.5DS 9.1.5.26DS 5.7.1.26
    DS 9.1.5DS 9.1.5.27DS 5.7.1.27
    DS 9.1.5DS 9.1.5.28DS 5.7.1.28
    DS 9.1.5DS 9.1.5.29DS 5.7.1.29
    DS 9.1.5DS 9.1.5.32DS 5.7.1.30
    DS 9.1.5DS 9.1.5.33DS 5.7.1.31
    SOX - SuSE Linux 9-10 component template  
    DS 9.1.3DS 9.1.3.1DS 5.5.1.1
    DS 9.1.3DS 9.1.3.2DS 5.5.1.2
    DS 9.1.3DS 9.1.3.3DS 5.5.1.3
    DS 9.1.3DS 9.1.3.4DS 5.5.1.4
    DS 9.1.3DS 9.1.3.5DS 5.5.1.5
    DS 9.1.3DS 9.1.3.6DS 5.5.1.6
    DS 9.1.3DS 9.1.3.7DS 5.5.1.7
    DS 9.1.3DS 9.1.3.8DS 5.5.1.8
    DS 9.1.3DS 9.1.3.9DS 5.5.1.9
    DS 9.1.5DS 9.1.5.15DS 5.7.1.9
    DS 9.1.5DS 9.1.5.16DS 5.7.1.10
    DS 9.1.5DS 9.1.5.17DS 5.7.1.11
    DS 9.1.5DS 9.1.5.18DS 5.3.12.3
    DS 9.1.5DS 9.1.5.20DS 5.7.1.12
    SOX - Windows Server 2003 component template  
    DS 9.1.3DS 9.1.3.1DS 5.5.1.1
    DS 9.1.3DS 9.1.3.2DS 5.5.1.2
    DS 9.1.3DS 9.1.3.3DS 5.5.1.3
    DS 9.1.3DS 9.1.3.4DS 5.5.1.4
    DS 9.1.3DS 9.1.3.5DS 5.5.1.5
    DS 9.1.3DS 9.1.3.6DS 5.5.1.6
    DS 9.1.3DS 9.1.3.7DS 5.5.1.7
    DS 9.1.3DS 9.1.3.8DS 5.5.1.8
    DS 9.1.3DS 9.1.3.9DS 5.5.1.9
    DS 9.1.3DS 9.1.3.10DS 5.5.1.10
    DS 9.1.3DS 9.1.3.11DS 5.5.1.11
    DS 9.1.3DS 9.1.3.12DS 5.5.1.12

    To uncomment rules

    1. On the Compliance tab in the content editor of the relevant component template, navigate to the compliance rule or rules that you want to uncomment.
    2. Select one or more compliance rules, right-click, and select Uncomment.
    © Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.