Reviewing properties in the Server built-in property class


Before running a Compliance Job for the first time based on any of the Compliance Content component templates, ensure that the values for the relevant server properties are correct within the property class instances created for each of the relevant local servers. If local values differ from the default values, tailor these property values to the unique needs of your local system.

The following sections list the properties in the Server built-in property class for each policy type.

For more information about setting property values and creating or modifying property class instances, see Working-with-properties.

HIPAA properties in the Server built-in property class

The following HIPAA properties are included in the Server built-in property class. Ensure that property values are correct within the property class instances created for each of the relevant local servers.

DISA properties in the Server built-in property class

The following DISA properties are included in the Server built-in property class. Ensure that property values are correct within the property class instances created for each of the relevant local servers.

Notes

  • The DISA Windows Exchange Server Check property class stores properties for differentiating between an Exchange Server and a Non-Exchange Server. Two instances are provided out-of-the-box for this property class — the EXCHANGE_SERVER_INSTANCE instance with property values for an Exchange Server, and the NONEXCHANGE_SERVER_INSTANCE instance with property values for a Non-Exchange Server.
  • The DISA Windows DC And Member Server Security Settings property class stores properties for differentiating between a Domain Controller and a Member Server. Two instances are provided out-of-the-box for this property class — the DOMAIN_CONTROLLER_SETTINGS instance with property values that represent Domain Controller security settings, and the MEMBER_SERVER_SETTINGS instance with property values that represent Member Server security settings.
  • The following directories are excluded from compliance-related operations:
    • The BladeLogic installation directory is excluded by default
    • Locations specified in the EXCLUDED_DIR property
    • The following directories are also excluded: /tcb, /dev, /proc, /vol, /xfn, /cdrom, and /mnt
    • The directories of mounted file system devices are also excluded.

CIS properties in the Server built-in property class

The following CIS properties are included in the Server built-in property class. Ensure that property values are correct within the property class instances created for each of the relevant local servers.

Note

The following directories are excluded from compliance-related operations:

  • The BladeLogic installation directory is excluded by default
  • Locations specified in the EXCLUDED_DIR property
  • The following directories are also excluded: /tcb, /dev, /proc, /vol, /xfn, /cdrom, and /mnt
  • The directories of mounted file system devices are also excluded.

PCI properties in the Server built-in property class

The following PCI properties are included in the Server built-in property class. Ensure that property values are correct within the property class instances created for each of the relevant local servers.

The following additional properties are available in the Server built-in property class if you have installed the PCIv2 template.

The following additional properties are available in the Server built-in property class if you have installed the PCIv3 template.

| Property Name | Description | Default value |
|---|---|---|
| DOMAIN | Type of Windows target server: Domain Controller (DC) or Member server (MS) | DC |
| IS_DOMAIN_CONTROLLER | The machine is used as a domain controller | TRUE |
| NOT_REVIEWED | The checks not performed by the tool need manual review. The value for this property should be TRUE if manual review is not complete, FALSE otherwise. | |
| OS | Operating System | |
| OS_RELEASE | Operating System Release | |
| PCI Properties | The name and path of the default instance of the PCI property class, Class://SystemObject/PCI Properties/Enterprise Domain Controller (for Microsoft Windows) | |
| RSCD_DIR | Configuration Manager RSCD Agent Installation Directory | |

Note

The following directories are excluded from compliance-related operations:

  • The BladeLogic installation directory is excluded by default
  • Locations specified in the EXCLUDED_DIR property
  • The following directories are also excluded: /tcb, /dev, /proc, /vol, /xfn, /cdrom, and /mnt
  • The directories of mounted file system devices are also excluded.
  • For the Group World Writable Directory, Find Unauthorized World-Writable Files, and Find World-Writable Directory with Sticky Bit Set rules: /var/adm/ras/conslog, /var/tmp, /tmp, /dev/screen, /system/contract/process, /var/mail, /var/preserve, and /var/spool.
  • For the Find Unauthorized SUID & SGID System Executables rule: /proc/, /adm/sw, and /usr/nsh.

SOX properties in the Server built-in property class

The following SOX properties are included in the Server built-in property class. Ensure that property values are correct within the property class instances created for each of the relevant local servers.

Note

The following directories are excluded from compliance-related operations:

  • The BladeLogic installation directory is excluded by default
  • Locations specified in the EXCLUDED_DIR property
  • The following directories are also excluded: /tcb, /dev, /proc, /vol, /xfn, /cdrom, and /mnt
  • The directories of mounted file system devices are also excluded.
  • For the Group World Writable Directory, Find Unauthorized World-Writable Files, and Find World-Writable Directory with Sticky Bit Set rules: /var/adm/ras/conslog, /var/tmp, /tmp, /dev/screen, /system/contract/process, /var/mail, /var/preserve, and /var/spool.
  • For the Find Unauthorized SUID & SGID System Executables rule: /proc/, /adm/sw, and /usr/nsh.
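
The following Python example is added here and is not the product's implementation: it applies the exclusion lists from the notes on this page to a file-system walk, showing that the global exclusions prune whole subtrees while the per-rule lists suppress only their own rule family. The function and category names, the `extra_excluded` parameter (standing in for the EXCLUDED_DIR property), and the reading of the rule names as permission-bit checks are assumptions.

```python
import os
import stat

# Exclusion lists copied from the notes on this page, kept root-relative.
BASE_EXCLUDED = ["/tcb", "/dev", "/proc", "/vol", "/xfn", "/cdrom", "/mnt"]
WW_EXCLUDED = ["/var/adm/ras/conslog", "/var/tmp", "/tmp", "/dev/screen",
               "/system/contract/process", "/var/mail", "/var/preserve", "/var/spool"]
SUID_EXCLUDED = ["/proc/", "/adm/sw", "/usr/nsh"]


def _under(path, root, prefixes):
    """True if path equals one of the prefixes (taken relative to root) or lies below it."""
    rel = "/" + os.path.relpath(path, root).replace(os.sep, "/")
    return any(rel == p.rstrip("/") or rel.startswith(p.rstrip("/") + "/") for p in prefixes)


def scan(root="/", extra_excluded=()):
    """Walk root and return findings per rule family (assumed permission-bit checks)."""
    base = BASE_EXCLUDED + list(extra_excluded)  # extra_excluded: stand-in for EXCLUDED_DIR
    findings = {"world_writable_file": [], "ww_dir_no_sticky": [], "suid_sgid": []}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune globally excluded directories and mounted file systems before descending.
        dirnames[:] = [d for d in dirnames
                       if not _under(os.path.join(dirpath, d), root, base)
                       and not os.path.ismount(os.path.join(dirpath, d))]
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISLNK(mode):
                continue  # permission bits on a symlink are not meaningful
            if mode & stat.S_IWOTH and not _under(path, root, WW_EXCLUDED):
                if not stat.S_ISDIR(mode):
                    findings["world_writable_file"].append(path)
                elif not mode & stat.S_ISVTX:
                    findings["ww_dir_no_sticky"].append(path)
            if (stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID)
                    and not _under(path, root, SUID_EXCLUDED)):
                findings["suid_sgid"].append(path)
    return findings


if __name__ == "__main__":
    import sys
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "/"))
```

Paths under an excluded directory are never evaluated, so review the EXCLUDED_DIR value with the same care as the rule results.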

Where to go from here

Modifying-out-of-the-box-component-templates


Server Automation Documentation