Customizing and running Scale Jobs for large numbers of servers


A group of out-of-the-box jobs stored in the Jobs folder, in a folder named Compliance Content Scale Jobs, can help you simplify the process of compliance analysis when you have many target servers.

Compliance Content Scale Jobs are divided (in a series of sub-folders under the Compliance Content Scale Job folder) by type of policy (CIS, DISA, HIPAA, PCI, or SOX) and platform (that is, the version of the operating system on the target server).

Large-scale compliance analysis for UNIX or Linux target servers involves several jobs, as described in Choosing between a regular Compliance Job and a Batch Job. Each of the sub-folders contains the following jobs:

| Job | Description |
|---|---|
| Scale Job | A Batch Job that runs an NSH Script Job and a Compliance Job (described in the next two rows). |
| NSH Script Job | Runs an NSH Script that prepares required caches asynchronously for all targets included in the Compliance Job. The associated NSH script is stored in the depot. |
| Compliance Job | Runs compliance analysis based on the relevant Compliance Content component template after the caches have been prepared. |

For Windows target servers, large-scale compliance analysis requires just the Compliance Job.

The following table lists the available batch-type Scale Jobs and provides details about the NSH Script Job and Compliance Job contained in each Scale Job, as well as the name of the associated component template.

| Template name | Name of Scale Job | NSH Script Job name | NSH script name | Compliance Job name |
|---|---|---|---|---|
| CIS | | | | |
| CIS - SUSE Linux Enterprise Server 11 | CisSuse11ScaleJob | BMCCacheCreatorCisSuse11 | findFiles | CisSuse11ComplianceJob |
| CIS - SUSE Linux Enterprise Server 10 | CisSuse10ScaleJob | BMCCacheCreatorCisSuse10 | findFiles | CisSuse10ComplianceJob |
| CIS - Red Hat Enterprise Linux 7 | CisRhel7ScaleJob | BMCCacheCreatorCisRhel7 | EO-RHEL7_findFiles_and_conf | CisRhel7ComplianceJob |
| CIS - RedHat Enterprise Linux 6 | CisRhel6ScaleJob | BMCCacheCreatorCisRhel6 | EO-RHEL6_findFiles_and_conf | CisRhel6ComplianceJob |
| CIS - RedHat Enterprise Linux 5 | CisRhel5ScaleJob | BMCCacheCreatorCisRhel5 | EO-RHEL5_findFiles_and_conf | CisRhel5ComplianceJob |
| CIS - Oracle Solaris 11.1 | CisSolaris11_1ScaleJob | BMCCacheCreatorCisSolaris11_1 | EO-SOLARIS11_findFiles_and_conf | CisSolaris11_1ComplianceJob |
| CIS - AIX 7.1 | CisAix71ScaleJob | BMCCacheCreatorCisAix71 | findFiles | CisAix71ComplianceJob |
| CIS - AIX 5.3 and 6.1 | CisAix61ScaleJob | BMCCacheCreatorCisAix61 | findFiles | CisAix61ComplianceJob |
| CIS - Windows Server 2003 for Domain Controllers | NA | NA | NA | CisWin2003DCComplianceJob |
| CIS - Windows Server 2003 for Member Servers | NA | NA | NA | CisWin2003MSComplianceJob |
| CIS - Windows Server 2008 | NA | NA | NA | CisWin2008ComplianceJob |
| CIS - Windows Server 2008 R2 | NA | NA | NA | CisWin2008R2ComplianceJob |
| CIS - Windows Server 2012 | NA | NA | NA | CisWin2012ComplianceJob |
| CIS - Windows Server 2012 R2 | NA | NA | NA | CisWin2012R2ComplianceJob |
| DISA | | | | |
| DISA - Red Hat Enterprise Linux 6 | DisaRedhat6ScaleJob | BMCCacheCreatorDisaRedhat6 | EO-RHEL6_findFiles_and_conf | DisaRedhat6ComplianceJob |
| DISA - Red Hat Enterprise Linux 5 | DisaRedhat5ScaleJob | BMCCacheCreatorDisaRedhat5 | EO-RHEL5_findFiles_and_conf | DisaRedhat5ComplianceJob |
| DISA - Solaris 11 X86 | DisaSolaris11x86ScaleJob | BMCCacheCreatorDisaSolaris11x86 | EO-SOLARIS11X86_findFiles_and_conf | DisaSolaris11x86ComplianceJob |
| DISA - Solaris 11 SPARC | DisaSolaris11SparcScaleJob | BMCCacheCreatorDisaSolaris11Sparc | EO-SOLARIS11SPARC_findFiles_and_conf | DisaSolaris11SparcComplianceJob |
| DISA - Solaris 10 X86 | DisaSolaris10x86ScaleJob | BMCCacheCreatorDisaSolaris10x86 | EO-SOLARIS10X86_findFiles_and_conf | DisaSolaris10x86ComplianceJob |
| DISA - Solaris 10 SPARC | DisaSolaris10SparcScaleJob | BMCCacheCreatorDisaSolaris10Sparc | EO-SOLARIS10SPARC_findFiles_and_conf | DisaSolaris10SparcComplianceJob |
| DISA - AIX 6.1 | DisaAix61ScaleJob | BMCCacheCreatorDisaAix61 | EO-AIX61_findFiles_and_conf | DisaAix61ComplianceJob |
| DISA - HP-UX 11.31 | DisaHpux1131ScaleJob | BMCCacheCreatorDisaHpux1131 | EO-HPUX1131_findFiles_and_conf | DisaHpux1131ComplianceJob |
| DISA - HP-UX 11.23 | DisaHpux1123ScaleJob | BMCCacheCreatorDisaHpux1123 | EO-HPUX1123_findFiles_and_conf | DisaHpux1123ComplianceJob |
| DISA - Windows Server 2003 DC | NA | NA | NA | DisaWin2003DCComplianceJob |
| DISA - Windows Server 2003 MS | NA | NA | NA | DisaWin2003MSComplianceJob |
| DISA - Windows Server 2008 DC | NA | NA | NA | DisaWin2008DCComplianceJob |
| DISA - Windows Server 2008 MS | NA | NA | NA | DisaWin2008MSComplianceJob |
| DISA - Windows Server 2008 R2 DC | NA | NA | NA | DisaWin2008R2DCComplianceJob |
| DISA - Windows Server 2008 R2 MS | NA | NA | NA | DisaWin2008R2MSComplianceJob |
| DISA - Windows Server 2012 R2 DC | NA | NA | NA | DisaWin2012DCComplianceJob |
| DISA - Windows Server 2012 R2 MS | NA | NA | NA | DisaWin2012MSComplianceJob |
| HIPAA | | | | |
| HIPAA - Red Hat Enterprise Linux 7 | HipaaRhel7ScaleJob | BMCCacheCreatorHipaaRhel7 | findFiles | HipaaRhel7ComplianceJob |
| HIPAA - Red Hat Enterprise Linux 6 | HipaaRhel6ScaleJob | BMCCacheCreatorHipaaRhel6 | findFiles | HipaaRhel6ComplianceJob |
| HIPAA - Red Hat Enterprise Linux 5 | HipaaRhel5ScaleJob | BMCCacheCreatorHipaaRhel5 | findFiles | HipaaRhel5ComplianceJob |
| HIPAA - AIX | HipaaAixScaleJob | BMCCacheCreatorHipaaAix | findFiles | HipaaAixComplianceJob |
| HIPAA - Windows Server 2003 | NA | NA | NA | HipaaWin2003ComplianceJob |
| HIPAA - Windows Server 2008 | NA | NA | NA | HipaaWin2008ComplianceJob |
| HIPAA - Windows Server 2012 | NA | NA | NA | HipaaWin2012ComplianceJob |
| PCIv3, PCIv2, and PCI | | | | |
| PCI Data Security Standard v3 - Red Hat Enterprise Linux 7 | Pciv3Rhel7ScaleJob | BMCCacheCreatorPciv3Rhel7 | EO-RHEL7_findFiles_and_conf | Pciv3Rhel7ComplianceJob |
| PCI Data Security Standard v3 - Red Hat Enterprise Linux 6 | Pciv3Rhel6ScaleJob | BMCCacheCreatorPciv3Rhel6 | EO-RHEL6_findFiles_and_conf | Pciv3Rhel6ComplianceJob |
| PCI Data Security Standard v2 - Red Hat Enterprise Linux 5 | Pciv2Rhel5ScaleJob | BMCCacheCreatorPciv2Rhel5 | findFiles | Pciv2Rhel5ComplianceJob |
| PCI Data Security Standard v3 - SUSE Linux Enterprise Server 11 | Pciv3Suse11ScaleJob | BMCCacheCreatorPciv3Suse11 | findFiles | Pciv3Suse11ComplianceJob |
| PCI Data Security Standard v3 - SUSE Linux Enterprise Server 10 | Pciv3Suse10ScaleJob | BMCCacheCreatorPciv3Suse10 | findFiles | Pciv3Suse10ComplianceJob |
| PCI Data Security Standard v3 - AIX 7.1 | Pciv3Aix71ScaleJob | BMCCacheCreatorPciv3Aix71 | findFiles | Pciv3Aix71ComplianceJob |
| PCI Data Security Standard v3 - AIX 5.3 and 6.1 | Pciv3Aix53and61ScaleJob | BMCCacheCreatorPciv3Aix53and61 | findFiles | Pciv3Aix53and61ComplianceJob |
| PCI - Solaris10 | PciSolaris10ScaleJob | BMCCacheCreatorPci | bmc-findFiles | PciSolaris10ComplianceJob |
| PCI - Solaris89 | PciSolaris89ScaleJob | BMCCacheCreatorPci | bmc-findFiles | PciSolarisComplianceJob |
| PCI - HPUX | PciHpuxScaleJob | BMCCacheCreatorPci | bmc-findFiles | PciHpuxComplianceJob |
| PCI Data Security Standard v3 - Windows Server 2012 | NA | NA | NA | Pciv3Win2012ComplianceJob |
| PCI Data Security Standard v3 - Windows Server 2012 R2 | NA | NA | NA | Pciv3Win2012R2ComplianceJob |
| PCI Data Security Standard v2 - Windows Server 2008 | NA | NA | NA | Pciv2Win20008ComplianceJob |
| PCI Data Security Standard v3 - Windows Server 2008 R2 | NA | NA | NA | Pciv3Win2008R2ComplianceJob |
| SOX | | | | |
| SOX - AIX | SoxAixScaleJob | BMCCacheCreatorSox | bmc-findFiles | SoxAixComplianceJob |
| SOX - HPUX | SoxHpuxScaleJob | BMCCacheCreatorSox | bmc-findFiles | SoxHpuxComplianceJob |
| SOX - Linux | SoxLinuxScaleJob | BMCCacheCreatorSox | bmc-findFiles | SoxLinuxComplianceJob |
| SOX - Solaris 10 | SoxSolaris10ScaleJob | BMCCacheCreatorSox | bmc-findFiles | SoxSolaris10ComplianceJob |
| SOX - Solaris | SoxSolarisScaleJob | BMCCacheCreatorSox | bmc-findFiles | SoxSolarisComplianceJob |
| SOX - SuSE | SoxSuseScaleJob | BMCCacheCreatorSox | bmc-findFiles | SoxSuseComplianceJob |

To perform large-scale compliance analysis, choose the appropriate procedure, depending on the type of operating system at the target servers:

To execute large-scale compliance analysis on Linux or UNIX

  1. Under the Jobs folder, navigate to the relevant sub-folder under the Compliance Content Scale Job folder (for the appropriate policy and Linux/UNIX platform).
  2. In this folder, right-click the Scale Job, and select Open.
  3. On the Batch Job Options panel, under Server/Server Groups, ensure that Use the following servers for all jobs is selected, and specify the target servers where you want to analyze compliance.
    Target servers must match the operating system of the component template (also indicated within job names).
  4. Continue with scheduling the Batch Job as described in Creating and modifying Batch Jobs.
     The job is stored in the Jobs folder, in the subfolder that you specified for the job.
  5. If you want to change any of the following parameters of the NSH Script Job, which is executed by the Scale Job, you can change them in the appropriate script file in Depot/scale scripts Group through the NSH Script Editor. Your changes affect all jobs that call this script.

    Parameters in NSH Script Jobs for SOX and PCI

    | Parameter | Description |
    |---|---|
    | CACHE_HRS | The frequency (in hours) of cache refresh. The default is 24 hours. |
    | FORCEFIND | To force an immediate cache refresh whenever the Compliance Job runs (overriding the CACHE_HRS parameter), change from the default value of n (no) to y (yes). |
    | SCAN_FOLDER | Directory paths to be included in searches (excluding all others). Separate multiple directories with commas. This parameter takes precedence over the USER_DIRs parameter. |
    | USER_DIRs | Directory paths to be excluded from searches. Separate multiple directories with commas. |
    | MAX_DISK_PERCENTAGE | Maximum disk percentage allowed during cache preparation before the process is stopped and an error is issued. By default, the value for this parameter is 80. |
    | OS | The operating system of the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.OS??). |
    | STAGE_DIR | The path to the staging directory on the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.STAGING_DIR??). |
    | TARGET_RSCD_DIR | The path to the RSCD Agent installation directory on the target server. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.RSCD_DIR??). |

    Parameters in NSH Script Jobs for CIS, DISA, HIPAA, PCIv2 and PCIv3

    | Parameter | Description |
    |---|---|
    | CACHE_HRS_VALUE | The frequency (in hours) of cache refresh. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.CACHE_HRS??). |
    | FIND_FILES_TIMEOUT_VALUE | The timeout (in minutes) of find files. The default is 0 (no timeout). |
    | EXCLUDED_DIR_VALUE | Directory paths to be excluded from searches. Separate multiple directories with commas. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.EXCLUDED_DIR??). |
    | FORCEFIND_VALUE | To force an immediate cache refresh whenever the Compliance Job runs (overriding the CACHE_HRS_VALUE parameter) |
    | MAX_DISK_PERCENTAGE_VALUE | Maximum disk percentage allowed during cache preparation before the process is stopped and an error is issued. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.MAX_DISK_PERCENTAGE??). |
    | RSCD_DIRECTORY_VALUE | The RSCD directory to be excluded from the global search for non-compliant files. By default, the value for this parameter is derived from a property in the target's Server property class (that is, ??TARGET.RSCD_DIR??). |
    | SCAN_DIRECTORY_VALUE | The directory to use as the starting directory for the global search for non-compliant files. The default value for this parameter is the root directory (denoted by a single slash character, /). |
    | EXCLUDE_HOME_DIR_USER_LIST_VALUE | UNIX system user accounts whose home directories should not be scanned. Default values are: ??TARGET.CIS Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST??; ??TARGET.DISA Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST??; ??TARGET.PCI Properties.UNIX_EXCLUDE_HOME_DIR_USER_LIST?? |
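The following sketch is an added example, not BMC's script or code from this page. It models how the SOX/PCI parameters above (CACHE_HRS, FORCEFIND, SCAN_FOLDER, USER_DIRs, MAX_DISK_PERCENTAGE) interact when deciding whether to rebuild the cache and which directories the search covers. The function names are hypothetical, and the precedence and boundary behaviour are assumptions noted in the comments.

```sh
#!/bin/sh
# Illustrative model only: NOT BMC's findFiles/bmc-findFiles script.
# Function names are hypothetical; parameter names come from the SOX/PCI table.

# Succeeds (refresh needed) when FORCEFIND=y, the cache file is missing,
# or the cache is older than CACHE_HRS hours.
cache_needs_refresh() {
  cache_file=$1; cache_hrs=${2:-24}; forcefind=${3:-n}
  [ "$forcefind" = "y" ] && return 0
  [ -f "$cache_file" ] || return 0
  [ -n "$(find "$cache_file" -mmin "+$((cache_hrs * 60))" 2>/dev/null)" ]
}

# Succeeds while disk usage (integer percent) has not passed
# MAX_DISK_PERCENTAGE. Assumption: the limit itself is still allowed.
disk_within_limit() {
  used_pct=$1; max_pct=${2:-80}
  [ "$used_pct" -le "$max_pct" ]
}

# Prints find(1) arguments, one per line. Assumption: a non-empty SCAN_FOLDER
# restricts the search to those directories and USER_DIRs is ignored;
# otherwise the search starts at / and prunes each USER_DIRs entry.
build_find_args() {
  scan_folder=$1; user_dirs=$2
  old_ifs=$IFS; IFS=','; set -f   # split on commas, no globbing
  if [ -n "$scan_folder" ]; then
    for dir in $scan_folder; do printf '%s\n' "$dir"; done
  else
    printf '%s\n' /
    for dir in $user_dirs; do printf '%s\n' -path "$dir" -prune -o; done
  fi
  set +f; IFS=$old_ifs
  printf '%s\n' -type f -print
}

# Constructed sample values, not taken from a real job definition.
if disk_within_limit 42 80 && cache_needs_refresh /nonexistent/cache 24 n; then
  build_find_args "" "/proc,/var/tmp"
fi
```

Every directory listed in USER_DIRs, or left out of SCAN_FOLDER, is a path the compliance search never sees, so review those values whenever the shared script is edited.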

To execute large-scale compliance analysis on Windows

  1. Under the Jobs folder, navigate to the relevant sub-folder under the Compliance Content Scale Job folder (for the appropriate policy and Windows platform).
  2. In this folder, right-click the Compliance Job (the only item in the folder), and select Open.
  3. Continue modifying and scheduling the job as described in Modifying Compliance Jobs.
    To avoid the need to run a Component Discovery Job before running the Compliance Job, note the following special guidelines:
    • On the General tab, select the Run auto-discovery option.
    • On the Components tab, specify the target servers on which to run the Compliance Job.

 
