This topic guides you through the installation and configuration of TrueSight Server Automation Compliance Content add-ons. The topic contains the following sections:
Overview of Compliance Content add-ons
Click here to read an overview of the benefits of using Compliance Content in your environment.
Technical and operational standards exist to protect sensitive data held in the data center. To achieve accreditation, the data center must prove compliance with existing standards. TrueSight Server Automation Compliance Content libraries provide you with add-on content for TrueSight Server Automation, containing rule sets to automatically analyze compliance for every server in the data center. These sets of rules are based on the following standards and policies:
- Health Insurance Portability and Accountability Act (HIPAA)
- Defense Information Systems Agency--Security Technical Implementation Guides (DISA STIG)
- Sarbanes-Oxley (SOX) Act
- Payment Card Industry (PCI) Data Security Standard (DSS) requirements developed by the PCI Security Standards Council
- Center for Internet Security (CIS) benchmarks
Results from analyses performed based on Compliance Content component templates can be used both to document the current situation and as a basis for bringing non-compliant servers into full compliance with the standard. Using TrueSight Server Automation Compliance Content, you can
- Discover relevant target servers and analyze those servers for compliance with major regulatory standards and best-practice policies
- Remediate compliance failures that were discovered by deploying BLPackages
- Generate reports with summaries of compliance details, similar to policy audit sheets
For a list of Compliance Content component templates, see Compliance-policy-standards-supported-by-TrueSight-Server-Automation-templates.
For more information about using Compliance Content add-ons to analyze and remediate compliance with standard policies, see Compliance-Content-analysis-and-remediation.
Notes
The pre-defined component templates provided in TrueSight Server Automation Compliance Content libraries reflect a generic interpretation of the compliance standards, and cannot take into account the specific situation within your organization. Therefore, certification cannot be assumed and is not implied based solely on successfully complying with the rules within these templates. Additional measures, such as manual compliance checks, may be required to achieve certification.
The Payment Card Industry (PCI) Data Security Standard templates are provided in a separate group of templates for each version of PCI — PCI version 1, PCI version 2, and PCI version 3.
Warning
BMC Regulatory Compliance Templates (Policies) provided by BMC comes with remediation actions for many of the standard checks where rule check fails and corrective action may be necessary to get servers to desired state. It is recommended by BMC for customers to carefully review all the shipped remediation actions. BMC supplies Auto remediation flag and by default is set to false to ensure no changes on the managed servers are performed when certain compliance rules check fail. If auto remediation flag is set to true then BSA as part of remediation package deploy job will make changes to servers. It is the responsibility of customer to ensure and control remediation actions including auto remediation actions performed in their environment.
To install Compliance Content add-ons
The following sections discuss how to install the Compliance Content add-ons.
Note
If you installed TrueSight Server Automation using the unified product installer, the Compliance Content add-ons are installed by the unified product installer, and you do not have to install them separately.
Overview of the Compliance Content installation process
For the installation of TrueSight Server Automation Compliance Content libraries on the Application Server, you can choose between a direct installation procedure using an interactive installation wizard or a silent (unattended) installation procedure.
During installation, the installer performs the following actions:
- Imports groups of out-of-the-box component templates that contain compliance rules for regulatory standards and best-practice policies (HIPAA, SOX, DISA, PCIv2, PCIv3, and CIS).
- Imports corresponding groups of remediation BLPackages into the Depot, for use in remediating compliance failures against SOX, HIPAA, DISA, PCIv2, PCIv3, or CIS.
- Imports a group of out-of-the-box batch-type Scale Jobs that can be used for compliance analysis on UNIX and Linux platforms, especially in environments with large numbers of servers.
- Installs various out-of-the-box configuration objects (configuration files and extended objects) that support the provided compliance rules.
- Creates a custom property class for each policy type and defines a Default instance for the property class.
Notes
- Note that the properties from the imported object overwrite the values defined for those properties at the target. However, for any property that you need to keep the local value at the target server, you must restore the property value after the import. For example, the STAGING_DIR property in the built-in Server property class.
- When you upgrade to the latest version, the template customizations are lost. Ensure that you keep a backup of the customized templates and remediation packages associated with the templates.
Requirements and supported resources for Compliance Content
Before beginning the installation of Compliance Content libraries for TrueSight Server Automation, verify that all requirements are met on the TrueSight Server Automation Application Server. For the list of requirements, see Compliance-Content-support-and-requirements. For details about the operating systems supported by Compliance Content component templates of each policy type, see Compliance-policy-standards-supported-by-TrueSight-Server-Automation-templates.
To install Compliance Content libraries directly
Prior to performing the procedure, ensure that you have logged on as a user with administrator privileges to the computer that hosts the Application Server. On a UNIX computer, log on as root. If you are not permitted to log on as root, use the su command to run as root after logging on as a non-root user. Alternatively, use the sudo command.
Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.
org.xwiki.rendering.macro.MacroExecutionException: Failed to get document for reference [confluencePage:page:Walkthrough. Loading compliance content]
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.internalExecute(ExcerptIncludeMacro.java:130)
at productHelper.macros.BmcExcerptIncludeMacro.internalExecute(BmcExcerptIncludeMacro.java:27)
at productHelper.macros.BmcExcerptIncludeMacro.internalExecute(BmcExcerptIncludeMacro.java:18)
at com.xwiki.macros.AbstractProMacro.execute(AbstractProMacro.java:116)
at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:441)
at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:183)
at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:88)
at org.xwiki.display.internal.DocumentContentAsyncExecutor.executeInCurrentExecutionContext(DocumentContentAsyncExecutor.java:396)
at org.xwiki.display.internal.DocumentContentAsyncExecutor.execute(DocumentContentAsyncExecutor.java:269)
at org.xwiki.display.internal.DocumentContentAsyncRenderer.execute(DocumentContentAsyncRenderer.java:112)
at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:157)
at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:290)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.execute(DefaultBlockAsyncRendererExecutor.java:125)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:67)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:43)
at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:96)
at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:39)
at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:123)
at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:52)
at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:68)
at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:42)
at com.xpn.xwiki.doc.XWikiDocument.display(XWikiDocument.java:1412)
at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1548)
at com.xpn.xwiki.doc.XWikiDocument.displayDocument(XWikiDocument.java:1498)
at com.xpn.xwiki.doc.XWikiDocument.displayDocument(XWikiDocument.java:1467)
at com.xpn.xwiki.api.Document.displayDocument(Document.java:788)
at jdk.internal.reflect.GeneratedMethodAccessor574.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:571)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:554)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:221)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:368)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:704)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:75)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:242)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:190)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.xwiki.velocity.internal.directive.TryCatchDirective.render(TryCatchDirective.java:86)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:304)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.Template.merge(Template.java:358)
at org.apache.velocity.Template.merge(Template.java:262)
at org.xwiki.velocity.internal.InternalVelocityEngine.evaluate(InternalVelocityEngine.java:225)
at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:105)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:219)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:174)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:135)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:284)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:284)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:904)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:866)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:853)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:808)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:800)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:79)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:73)
at org.xwiki.template.script.TemplateScriptService.render(TemplateScriptService.java:54)
at jdk.internal.reflect.GeneratedMethodAccessor4135.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:571)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:554)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:221)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:368)
at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:492)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:218)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:331)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:261)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:304)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.Template.merge(Template.java:358)
at org.apache.velocity.Template.merge(Template.java:262)
at org.xwiki.velocity.internal.InternalVelocityEngine.evaluate(InternalVelocityEngine.java:225)
at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:105)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:219)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:174)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:135)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:284)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:284)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:904)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:866)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:853)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:808)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:800)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:79)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:73)
at org.xwiki.template.script.TemplateScriptService.render(TemplateScriptService.java:54)
at jdk.internal.reflect.GeneratedMethodAccessor4135.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:571)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:554)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:221)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:368)
at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:492)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:218)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:331)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:261)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:304)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:171)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:190)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:190)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.Template.merge(Template.java:358)
at org.apache.velocity.Template.merge(Template.java:262)
at org.xwiki.velocity.internal.InternalVelocityEngine.evaluate(InternalVelocityEngine.java:225)
at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:105)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:219)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:174)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:135)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:284)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:284)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:904)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:866)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:846)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:832)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:91)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:85)
at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2564)
at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:180)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:651)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:339)
at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:354)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: com.xpn.xwiki.XWikiException: Error number 3202 in 3: Exception while reading document [confluencePage:page:Walkthrough. Loading compliance content()]
at com.xpn.xwiki.store.XWikiHibernateStore.loadXWikiDoc(XWikiHibernateStore.java:1233)
at com.xpn.xwiki.store.XWikiCacheStore.loadXWikiDoc(XWikiCacheStore.java:399)
at com.xpn.xwiki.XWiki.getDocument(XWiki.java:2195)
at com.xpn.xwiki.XWiki.getDocument(XWiki.java:2257)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.internalExecute(ExcerptIncludeMacro.java:128)
... 188 more
Caused by: com.xpn.xwiki.XWikiException: Error number 2 in 0: No wiki with id [confluencePage:page] could be found
at com.xpn.xwiki.internal.store.hibernate.HibernateStore.beginTransaction(HibernateStore.java:854)
at com.xpn.xwiki.store.XWikiHibernateBaseStore.beginTransaction(XWikiHibernateBaseStore.java:576)
at com.xpn.xwiki.store.XWikiHibernateStore.loadXWikiDoc(XWikiHibernateStore.java:1082)
... 192 more
Back to top
To perform a silent installation of Compliance Content libraries
Note
You can use silent mode to perform the installation in a headless environment (a system that has no display device, keyboard or mouse). However, if your Linux or UNIX environment has the DISPLAY variable set to export your display to a remote system, make sure that the remote system has an X Window server installed and configured.
Log on as a user with administrator privileges to the computer that hosts the TrueSight Server Automation Application Server.
On a UNIX computer, log on as root. If you are not permitted to log on as root, use the su command to run as root after logging on as a non-root user. Alternatively, use the sudo command.
Note
In a multi-server environment, to load content on multiple TrueSight Server Automation Application Servers within the same environment (that is, connected to the same TrueSight Server Automation core database), select the check box that indicates a multi-server environment before you click Next. Then in the next window, enter the names or IP addresses of any additional application servers, one in each row, and click Next.
To successfully install content in a multi-server environment, the system user running the installer must have Network Shell write access to the application servers. For example, if you are logged onto the OS and you started the Compliance Content installer as root, you need to have an entry such as the following in the users.local file on all of the Application Servers targeted by the installer:
root rw,map=root
- Download the appropriate content setup file from the BMC Software web site to a temporary directory on the TrueSight Server Automation Application Server.
Depending on your operating system, select one of the following files:- For Windows: Content86-WIN.exe
- For Linux: Content86-LIN.bin
- For Solaris UNIX: Content86-SOL.bin
- Create an Options file (for example, OptionsFile.txt ), and ensure that the following lines are included in this text file:
-P installLocation=installation directory
-J BLADELOGIC_PROFILES=profileName
-J BLADELOGIC_PROFILES_TYPES=profileAuthenticationType
-J USER_PROFILE_NAME=profileName
-J USER_ACCOUNT_NAME=userAccount
-J USER_ACCOUNT_PASSWORD=encryptedPassword
-J USER_ROLE=userRole
-J CONTENT_APPSERVER_LIST=applicationServerList
-J INSTALL_policy_TEMPLATES=true (for all templates of a policy)
-A templateFeatureID (to choose exact templates)
Where- The default path to the CONTENT_HOME installation directory (the value of the -P attribute) is C:\Program Files\BMC Software\Content on Windows or /opt/bmc/content on UNIX. This directory is used temporarily, and is automatically deleted after installation is complete.
- For a silent installation, you can only specify one existing profile and its authentication type in the BLADELOGIC_PROFILES and BLADELOGIC_PROFILES_TYPES properties. Specify the same profile in the USER_PROFILE_NAME property.
You cannot create a new profile during a silent installation, as is possible during the interactive direct installation. Therefore, ensure that you already have an appropriate profile defined. To ensure that profiles are defined, check for the existence of the authenticationProfiles.xml file within the TrueSight Server Automation installation directories and review its contents. For more information about setting up an authentication profile, see Setting-up-an-authentication-profile. - The USER_ROLE property is necessary only if the user that you specified is assigned to more than one role.
- The password for the TrueSight Server Automation user account must be encrypted . To generate an encrypted password, invoke the blenc utility through any Network Shell prompt. The blenc utility prompts you for your password and then generates and outputs a corresponding encrypted password.
- The list of application servers can contain multiple TrueSight Server Automation Application Server names or IP addresses (IPv4 or IPv6) if you are working in a multi-server environment. Use commas to separate Application Server names.
To successfully install content in a multi-server environment, the system user running the installer must have Network Shell write access to the application servers.
For each policy type, you can choose between installing all component templates of the policy using the -J INSTALL_<policy>_TEMPLATES=true line (where the policy can be DISA, HIPAA, PCI, PCIv2, PCIv3, SOX or CIS), or you can choose the exact component templates to install using multiple -A lines.
Template feature IDs specified in -A lines have the naming convention featurePolicyOSTemplate (for example, featureSoxAixTemplate).
Click here to expand the full list of template feature IDs
| | Template feature ID (used in silent installation) |
|---|
Center for Internet Security (CIS) | | |
| |
| featureCisSolaris11_1Template |
Red Hat Enterprise Linux 6 | featureCisRedhat6Template |
Red Hat Enterprise Linux 7 | featureCisRedhat7Template |
SuSE Linux Enterprise Server 11 | |
SuSE Linux Enterprise Server 12 | |
| |
| featureCisWin08R2Template |
| |
| featureCisWin12R2Template |
| |
Defense Information Systems Agency (DISA)
| | |
| featureDisaHpux1123Template |
| featureDisaHpux1131Template |
Red Hat Enterprise Linux 6 | featureDisaRedhat6Template |
Red Hat Enterprise Linux 7 | featureDisaRedhat7Template |
| featureDisaSolaris10SparcTemplate |
| featureDisaSolaris10x86Template |
| featureDisaSolaris11SparcTemplate |
| featureDisaSolaris11x86Template |
| featureDisaWin08DCTemplate |
| featureDisaWin08MSTemplate |
Windows Server 2008 R2 DC | featureDisaWin08R2MSTemplate |
Windows Server 2008 R2 MS | featureDisaWin08R2DCTemplate |
| featureDisaWin12DCTemplate |
| featureDisaWin12MSTemplate |
| |
Health Insurance Portability and Accountability Act (HIPAA)
| | featureHipaaAix71Template |
| |
Red Hat Enterprise Linux 6 | featureHipaaRedhat6Template |
Red Hat Enterprise Linux 7 | featureHipaaRedhat7Template |
| featureHipaaSolaris10Template |
| featureHipaaWin08Template |
| featureHipaaWin12Template |
| | |
| featureSoxSolaris10Template |
Payment Card Industry (PCI)
| | |
| featurePciSolaris10Template |
Payment Card Industry (PCIv2) | | featurePciv2Win08Template |
Payment Card Industry (PCIv3)
| | featurePciv3Aix61Template |
| featurePciv3Aix71Template |
Red Hat Enterprise Linux 6 | featurePciv3Redhat6Template |
Red Hat Enterprise Linux 7 | featurePciv3Redhat7Template |
SuSE Linux Enterprise Server 11 | featurePciv3Suse11Template |
| featurePciv3Win08R2Template |
| featurePciv3Win12Template |
| featurePciv3Win12R2Template |
| featurePciv3Win16Template |
Examples
An Options file with the following lines installs all HIPAA templates, and two individual SOX templates:
-P installLocation=C:\Program Files\BMC Software\Content
-J BLADELOGIC_PROFILES=defaultProfile
-J BLADELOGIC_PROFILES_TYPES=SRP
-J USER_PROFILE_NAME=defaultProfile
-J USER_ACCOUNT_NAME=BLAdmin
-J USER_ACCOUNT_PASSWORD=facfe8dfd0743920d8d901de05557886
-J CONTENT_APPSERVER_LIST=AUS-LORA-10.bmc.com
-J INSTALL_HIPAA_TEMPLATES=true
-A featureSoxAixTemplate
-A featureSoxLinuxTemplate
An Options file with the following lines performs a full install:
-P installLocation=<installationDirectory>
-J BLADELOGIC_PROFILES=<profileName>
-J BLADELOGIC_PROFILES_TYPES=<profileAuthenticationType>
-J USER_PROFILE_NAME=<profileName>
-J USER_ACCOUNT_NAME=<userAccount>
-J USER_ACCOUNT_PASSWORD=<encryptedPassword>
-J USER_ROLE=<userRole>
-J CONTENT_APPSERVER_LIST=<applicationServerList>
-J INSTALL_DISA_TEMPLATES=true
-J INSTALL_CIS_TEMPLATES=true
-J INSTALL_HIPAA_TEMPLATES=true
-J INSTALL_PCI_TEMPLATES=true
-J INSTALL_PCIv2_TEMPLATES=true
-J INSTALL_PCIv3_TEMPLATES=true
-J INSTALL_SOX_TEMPLATES=true
An Options file with the following lines performs a custom install that includes only the DISA Linux templates:
-P installLocation=<installationDirectory>
-J BLADELOGIC_PROFILES=<profileName>
-J BLADELOGIC_PROFILES_TYPES=<profileAuthenticationType>
-J USER_PROFILE_NAME=<profileName>
-J USER_ACCOUNT_NAME=<userAccount>
-J USER_ACCOUNT_PASSWORD=<encryptedPassword>
-J USER_ROLE=<userRole>
-J CONTENT_APPSERVER_LIST=<applicationServerList>
-A featureDisaLinuxTemplate
Run the silent installation using a command in this format:
<full path to Setup file> -i silent -DOPTIONS_FILE=<full path to Options file>
For example:
# ./Content87-LIN.bin -i silent -DOPTIONS_FILE=/tmp/OptionsFile.txt
Note
An installation log file named content_install_log.txt is created in the following directory:
- On Linux: /tmp
- On Solaris UNIX: /var/tmp
- On Windows: %USER_HOME%\Local Settings\Temp (for example: C:\Documents and Settings\Administrator\Local Settings\Temp )
Back to top
To determine the version of content currently installed
Check the content.version file, which is created in the ../fileserver/Content folder.
The content of the content.version file looks like this:
featureCis=8.6.215
featureSox=8.6.215
To configure Compliance Content add-ons
The following topics presents information about configuration necessary for the Compliance Content add-ons. Perform these configuration tasks after installing the Compliance Content add-ons.
| |
|---|
| During the installation of Compliance Content libraries, various editable properties related to Compliance Content are defined. This topic describes how to review these properties. |
| During the installation of Compliance Content libraries, groups of out-of-the-box component templates are saved in TrueSight Server Automation. This topic describes how to refine these templates according to your needs. |
| Target data used during the execution of Compliance Jobs is cached on the target servers and the cache is refreshed at a default frequency. This topic describes how to control this frequency of cache refresh. |
Where to go from here
If you encounter problems during the installation process, check the installation log for messages and consult Troubleshooting-the-installation-of-Compliance-Content-add-ons for further troubleshooting information.