Walkthrough: Loading compliance content

This topic walks you through the process of loading compliance content. It includes the following sections:

The video at right demonstrates the process of installing compliance content.

icon-play2x.png  https://youtu.be/pd-0D7sFD78

Introduction

This topic is intended for system administrators who are in charge of enforcing regulatory compliance in the data center.

The goal of this topic is to demonstrate how to install out-of-the-box Compliance Content libraries into BMC Server Automation (BSA), so that you can use the component templates in these libraries as the basis for analyzing regulatory compliance in your data center.  

What is compliance content?

BMC Server Automation Compliance Content libraries contain rule sets to automatically analyze the compliance of servers with regulatory standards and best-practice policies, including HIPAA, DISA STIG, SOX, PCI, and CIS. Results from analyses performed based on Compliance Content component templates can be used both to document the current situation (that is, to generate compliance reports) and as a basis for bringing non-compliant servers into full compliance with the standard (that is, to perform compliance remediation).

For more information, see Overview-of-Compliance-Content-add-ons.

What do I need to do before I get started?

  • This example assumes that you have already performed the following tasks in your BSA environment:
  • For this walkthrough, we have logged on as BLAdmin, the default superuser for BSA.  Note that in live deployments, BMC recommends that you grant access based on roles with a narrower set of permissions. Ensure that the role that you use has permission to write to the Component Templates and Depot folders and to create properties in component templates and depot files.

How to load compliance content

This section walks you through the process of installing and loading compliance content into the BSA Application Server on a Microsoft Windows computer:

 

Procedure

Example screen

1

In the temporary folder where you stored the BMC Server Automation installers that you downloaded from the EPD site, locate the Compliance Content installation executable file. This file has a name such as Content86-WIN, depending on the exact version number and operating system.

Run the Compliance Content installation executable file to launch the Compliance Content installation wizard.

contentInstaller.jpg

2

Click Next on the Welcome page.

contentWelcome.jpg

3

Select I agree to the terms of the license agreement, and then click Next.

contentLicense.jpg

4

Choose a profile and specify a BMC Server Automation user and password for loading the compliance content, and then click Next.

contentAuthProfile.jpg

5

Accept the detected Application Server host name where compliance content will be loaded, and then click Next.

Click here if you are installing content in a multi-Application Server environment.

In a multi-server environment, to load content on multiple Application Servers within the same environment (connected to the same BMC Server Automation core database), select the check box that indicates a multi-server environment before you click Next. Then in the next window, enter the names or IP addresses of any additional application servers, one in each row, and click Next.

To successfully install content in a multi-server environment, the system user running the installer must have Network Shell write access to the application servers. For example, if you are logged onto the OS and you started the Compliance Content installer as Administrator, you need to have an entry such as the following in the users.local file on all of the Application Servers targeted by the installer: Administrator rw,map=Administrator

contentAppserver.jpg

6

To view the variety of component templates that are installed by the Compliance Content installer or to select which ones to install, choose a Custom installation, and then click Next.

contentFullCustom.jpg

7

From the tree display select the policies and operating systems for which you want component templates for the analysis of regulatory compliance, and then click Next.

contentSelection.jpg

8

Accept the default location for the temporary directory where compliance content will be extracted or specify a different location, and then click Next.

The default directory is C:\Program Files\BMC Software\Content on Windows or /opt/bmc/Content on Linux or UNIX.

contentDir.jpg

9

On the Preview page click Install.

contentPreview.jpg

10

After installation has completed (this might take some time, depending on how many component templates you selected to install), you can optionally click View Log to open the installation log.

To exit the installation wizard, click Done.

Click here to view the location of the installation log file.

An installation log file named content_install_log.txt is created in the following directory:

  • On Linux: /tmp
  • On Solaris UNIX: /var/tmp
  • On Windows: %USER_HOME%\Local Settings\Temp (for example: C:\Documents and Settings\Administrator\Local Settings\Temp)

contentSummary.jpg

11

To verify that the Compliance Content libraries have loaded successfully, open the Component Templates folder in the BMC Server Automation console and browse through the newly created subfolders of component templates for the various policies.

browsingCC.jpg

For more detailed installation instructions (including silent installation), see Installing-Compliance-Content-add-ons.

Wrapping it up

Congratulations! You have successfully loaded compliance content libraries. The component templates provided in these libraries are ready for use in policy-based compliance analyses, as described in Walkthrough-Compliance-audit-based-on-a-policy.

Where to go from here

For an example of a policy-based compliance audit, see Walkthrough-Compliance-audit-based-on-a-policy.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*