CIS: CentOS Linux 7

This document provides information about the hotfix containing Center for Internet Security (CIS) templates for CentOS Linux 7 Benchmark Version 2.2.0. This template contains implementation for 223 rules that can be installed on  TrueSight Server Automation 8.9.00 onwards.

This template contains the following types of rules:

  • Number of rules that check for compliance and provides remediation - 175
  • Number of rules that check for compliance but do not provide remediation - 42
  • Number of rules that do not check for compliance and do not provide remediation - 6 

The following are the details of the rules that are divided into parts:

  • Number of rules that are not divided into parts - 189
  • Number of rules that are divided into two parts - 26 ( 26*2 =52)
  • Number of rules that are divided into three parts - 10 (10*3 =30)

The current rule count as per CIS - CentOS Linux 7 template after running the compliance job is 271 (189 + 52 + 30).

Before you begin

Before you install this hotfix, ensure that you perform the following:

  • Ensure that all compliance content provided by BMC in your environment is at least updated to version 8.9.
  • For all application servers in your environment, back up the <Application_Server_installation_directory >/share/sensors directory. This directory contains extended object scripts.

Downloading the Rolling Update

You obtain the files from the following FTP location:

You must log in or register to view this page

The following tables list the files to download for the compliance content.

File name

Checksum

CIS - CentOS Linux 7.zip

470dac64a30850930d75ac92ef691fc8

extended_objects.zip

964f3f57ef31f58eb2b620f69a24851e

Installing and importing the template

  1. Perform the following steps on all the Application Servers:
    1. Log on to the Application Server as a user with root or administrator privileges.
    2. Ensure that you have downloaded the zip files from the FTP location to the Application Server and verified the checksum. 
    3. Extract the extended_objects.zip file to a temporary directory on your Application Server.
    4. Replace the extended object scripts on the application servers in the following directory:
      <Application_Server_installation_directory >/share/sensors/
  2. As a BLAdmin user, log on to the TrueSight Server Automation Console.
  3. In the left navigation pane, right-click Component Templates and select Import
  4. In the Import Wizard window, select the Import (Version-neutral) option.
  5. Select the CIS - CentOS Linux 7.zip package from the temporary location and click Next.
  6. Ensure that you select the Update objects according to the imported package and Preserve template group path options and click Next.
  7. Navigate to the last screen of the wizard and then click Finish.
  8. Click OK.
  9. Review the Import Results tab and ensure that the templates are imported successfully.

    Import_CIS_CentOSLinux7.png
  10. Click OK.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*