Walkthrough: Audit a single configuration item

This topic walks you through the process of creating an Audit Job in BMC Server Automation (BSA). It includes the following sections:

The video at right demonstrates the process of creating an Audit Job.

https://youtu.be/XBoO6_vJGUs Open link

Introduction

This topic is intended for systems administrators with knowledge of server and infrastructure management, but who are new to BSA.

The goal for this topic is to perform an automated check of a server to determine if its configuration matches a standard configuration.

What is an Audit Job?

Audit Jobs allow you to specify a standard configuration and compare servers.

After running an Audit Job, you can view its results and quickly identify discrepancies. When you identify problems, you can bundle changes into a BLPackage and deploy them to a server so its configuration matches the standard. Audits can perform a security function by quickly identifying unauthorized changes to server configurations.

What does this walkthrough show?

This walkthrough compares two live servers with similar characteristics. One server has the correct configuration. It functions as the reference server, also known as the master server. The walkthrough determines whether the second server has a matching configuration.

What do I need to do before I get started?

You should make sure that you have the BSA Console installed on your workstation, and that you have the appropriate level of permissions to browse servers and run Audit Jobs.

For this walkthrough, you log on as BLAdmin, the default superuser for BSA. Note that in live deployments, BMC recommends you grant access based on roles with a narrower set of permissions.

How to audit a single configuration item

	Step	Example screen
1	Using the BSA Console, open the Servers folder and navigate to the master server. The master server is configured correctly. It can provide the basis for any audits you perform on similar servers. In this example, the master server is named vw-sjc-bsm-dv21. It resides in this folder structure: Servers/Compliance Control.
2	Right-click the master server and select Browse. A tab opens at right. It shows the many categories of information that are available in real time through live browsing.
3	In this example, we compare multiple configuration objects. One is the user called Guest. In the list of configuration objects at right, expand Local Users, select Guest, and then select Audit. The Audit Job wizard opens.
4	For Name, assign a name to the Audit Job. For Save in, browse to a location in the Jobs folder where you want to save the Audit Job.
5	Click Next. The Server Objects panel of the wizard appears. Currently the Audit Job is only considering the user Guest, as shown in the Server Objects list. In the following steps we add two more configuration settings to the audit.
6	Click Add . Expand the Services object, select DNS Client and then click Add Selected . DNS Client is added to the list of selected objects.
7	Scroll up to the the Event Logs object. Expand Event Logs, select System, and then click Add Selected . The System log is added to the list of selected objects. Click OK. The Audit wizard shows all the objects you are including in this audit.
8	In this step you identify settings for the Guest user that you want to audit. Select Guest. In the Snapshot/Audit Options pane, at bottom right, select Account Disabled (Windows). Each Configuration Object Type has its own set of audit options. The most commonly used options are selected by default, but you can tailor selections to your needs. Click Next. The Targets panel of the wizard appears.
9	Select the target servers that should be compared to the master server. You can select any combination of servers, server groups, and smart server groups. This allows you to compare the configuration of the master server to many targets. In this example, we select only one target named vw-sjc-bsm-dv14. Expand the Servers node. Navigate to the server or server groups that should be the target of this job. Select a target and then click Add Selected . Your selection appears in the list of selected targets at right. Click Next twice to display the Schedules panel.
10	On the Schedules panel, select Execute job now and click Finish. The Audit Job runs immediately. You have many options for scheduling jobs. For this example, we run the job immediately..
11	To monitor progress of a job, look at the Tasks in Progress View at bottom right. It provides details about the jobs currently executing. It also lets you cancel jobs in progress.
12	In the Jobs folder, select the Audit Job you just created, right-click, and select Show Results. Results appear in a tab at right.
13	Expand the job results, expand Object View, and select its contents. The results of an Audit Job can always be viewed from two perspectives. The Object View shows the configuration objects included in the audit and counts how many servers are consistent and inconsistent with the master. Red text denotes any server objects that inconsistent on target servers. In this example, the Guest account is inconsistent.
14	Expand Server View and select the server being audited. This example again shows inconsistencies for the Guest account.
15	Expand the target server and click on the Guest object. This view shows detailed results. You can see that on the target, the Guest account is enabled (Account Disabled = False) while on the master server, the account is disabled. This is a potential security problem.

Wrapping it up

This walkthrough has demonstrated how you can set up an Audit Job to define a standard configuration and automatically determine whether other servers match that standard. Wrapping it up

Where to go from here

Using Audit Job results, you can create a BLPackage that contains correct configuration settings and deploy them to any servers that do not meet your organizational standards.

Page tree