Updating CIS for CentOS Linux 7 to newer benchmarks
This document provides information about the hotfix containing Center for Internet Security (CIS) templates for CentOS Linux 7 Benchmark Version 2.2.0. This template contains implementation for 223 rules that can be installed on TrueSight Server Automation 8.9.00 onwards.
This template contains the following types of rules:
- Number of rules that check for compliance and provides remediation - 175
- Number of rules that check for compliance but do not provide remediation - 42
- Number of rules that do not check for compliance and do not provide remediation - 6
The following are the details of the rules that are divided into parts:
- Number of rules that are not divided into parts - 189
- Number of rules that are divided into two parts - 26 ( 26*2 =52)
- Number of rules that are divided into three parts - 10 (10*3 =30)
The current rule count as per CIS - CentOS Linux 7 template after running the compliance job is 271 (189 + 52 + 30).
Before you begin
Before you install this hotfix, ensure that you perform the following:
- Ensure that all compliance content provided by BMC in your environment is at least updated to version 8.9.
- For all application servers in your environment, back up the <Application_Server_installation_directory >/share/sensors directory. This directory contains extended object scripts.
Downloading the Rolling Update
You obtain the files from the following FTP location:
The following tables list the files to download for the compliance content.
CIS - CentOS Linux 7.zip
Installing and importing the template
Perform the following steps on all the Application Servers:
Log on to the Application Server as a user with root or administrator privileges.
Ensure that you have downloaded the zip files from the FTP location to the Application Server and verified the checksum.
Extract the extended_objects.zip file to a temporary directory on your Application Server.
- Replace the extended object scripts on the application servers in the following directory:
- As a BLAdmin user, log on to the TrueSight Server Automation Console.
- In the left navigation pane, right-click Component Templates and select Import.
- In the Import Wizard window, select the Import (Version-neutral) option.
- Select the CIS - CentOS Linux 7.zip package from the temporary location and click Next.
Ensure that you select the Update objects according to the imported package and Preserve template group path options and click Next.
Navigate to the last screen of the wizard and then click Finish.
- Click OK.
Review the Import Results tab and ensure that the templates are imported successfully.
- Click OK.