CIS: Red Hat Enterprise Linux 8

This document provides information about the hotfix containing Center for Internet Security (CIS) templates for Red Hat Enterprise Linux 8 Benchmark Version 2.0.0 published on Feb 23, 2022. This template contains implementation for 325 rules that can be installed on TrueSight Server Automation 20.x or later.

Before you begin

Before you install this hotfix,  ensure that the following requirements are met: 

• All compliance content provided by BMC in your environment is at least updated to 20.x or later version.
• Exiting customized template is renamed before you import the new one (by performing the steps given below).
• The default values for the template's local and global properties are reviewed and match the organization standards.

• The sensors folder is backed up. This folder contains the extended object scripts.

  The sensors folder is located at <AppServerInstallDir>/share/sensors on the Application Server. 

Step 1: Download the files

1. Download the CIS - Red Hat Enterprise Linux 8 package from the following location:
   You must log in or register to view this page

   Expand to view the checksum-related information

   Verify the downloaded content by using the following checksums.

   S.No	File Name	MD5SUM
   1	CIS - Red Hat Enterprise Linux 8.zip	972fa625ca5787b65448fa3941ef70cb
   2	extendedobjects.zip	0812316088cb2e779b54dca8c4c09097

   Verify the extended objects present on the application. If the md5sums match, go ahead and replace them. If these md5sums do not match, you must manually merge the fixes.

2. Move the CIS - Red Hat Enterprise Linux 8.zip package to the server where the TrueSight Server Automation console is installed.
3. Extract the contents of the extendedobjects.zip package to a temporary directory on one of the Application Servers.
4. Replace the extended object scripts in the following directory on all the Application Servers:
   <AppServerInstallDir>/share/sensors

Step 2: Import the compliance content

1. Log in to the TrueSight Server Automation console.
2. Right-click Component Templates and select Import.
   
   
   
3. Select the Import (Version-neutral) option and click OK.
   
   
   

4. Select the CIS - Red Hat Enterprise Linux 8.zip package from the temporary location and click Next.

   The CIS template for CIS - Red Hat Enterprise Linux 8 is available in the CIS - Red Hat Enterprise Linux 8.zip package.

   

5. To import the template, select CIS - Red Hat Enterprise Linux 8 and click Next.

   Note

   Ensure that you select the Use existing objects and Preserve template group path options before you click Next.

   
   
   

6. Navigate to the last screen of the wizard and then click Finish.
   
   
   

7. The templates are imported successfully. Click OK.

   The imported templates are shown under CIS Compliance Content > CIS.

   

Rules within the template

The 325 rules provided in the zip package contains the following types of rules:

• Rules that check for compliance (audit) and provides remediation - 244
• Rules that check for compliance(audit) but do not provide remediation - 59
• Rules that do not check for compliance and do not provide remediation - 22

The following are the details of the rules that are divided into parts:

• Rules not divided into parts = 248
• Rules divided into two parts (18 Rules) so (18* 2) = 36
• Rules divided into three parts (7 Rules) so (7 * 3) = 21
• Rules divided into four parts (2 Rules) so (2 * 4) = 8
• Rules divided into six parts (2 Rules) so (2 * 6) = 12

The current rule count according to CIS Red Hat Enterprise 8 template after running the compliance job is 325 (248+ 36+21+8+12).