Remediating compliance results


After running a Compliance Job based on one of the Compliance Content component templates, you can access job results and manually remediate the configuration of components that failed the Compliance Job. The remediation process runs a Deploy Job and deploys one of the BLPackages provided in the Compliance Content libraries, as specified in the remediation options of a specific compliance rule.

After performing remediation, you can still change your mind and undo the remediation.

Before you begin

  • Remediation for the CIS, DISA, HIPAA, PCIv2, and PCIv3 templates for Windows is provided for both Member Servers and Domain Controller servers. For Domain Controller servers, remediation is provided on Default Domain Controller Security Policy and/or Default Domain Security Policy, as per the settings you have specified for the REMEDIATE_SETTING_FOR_GPO template property. 

    Before performing the remediation operation, you must ensure that you have set appropriate values for the following properties:


    In addition, ensure that the following properties in the Server built-in property class are set with appropriate values:

    • IS_SSLF
    • PCI Properties / CIS Properties / DISA Properties – pointing to the correct instance of the custom property class
  • Remediation for any policy on Windows or Linux computers fails if any built-in users or groups that are referred to in rules in the component template are renamed or deleted. You must modify or delete the offending user names or group names within the rules and remediation packages in the component template before you can successfully perform remediation.
  • Remediation and undo of audit rules for the CIS - RedHat Linux 5 and PCIv2 - RedHat Linux 5 templates will not take effect if the /etc/audit/audit.rules file contains the -e 2 entry. You must manually remove the entry and restart the target server.
  • In the component templates for any policy on a Windows operating system, rules for security settings are designed to check both the local settings and the effective settings. However, on a Member Server only the local settings are modified during remediation, because effective settings are pushed only from the domain controller. As a result, rules for user rights and security settings on a Member Server will show as non-compliant even after running a remediation job if effective settings, which reflect the Group Policy Objects (GPOs), are not in line with the compliance policy design. In such a case, consult your local system administrator to bring the Group Policy in line with the TrueSight Server Automation Compliance Policy.

Note

Although on a Member Server the User Rights Assignment and Security Options group of rules are designed to remediate only the local settings, the TrueSight Server Automation Console may display remediated values for both local and effective settings. Similarly, if you push a value from the domain controller, the TrueSight Server Automation Console may display that value for both local and effective settings. Consult your local system administrator to bring the Group Policy in line with the TrueSight Server Automation Compliance Policy.
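The audit.rules prerequisite listed above (the -e 2 entry, which locks the audit configuration until the next reboot) can be checked on a target before a remediation run. The following script is an added example, not part of the product or its Compliance Content; it assumes one rule per line with # comment lines, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): pre-remediation check for an active
# "-e 2" entry in an audit rules file.

# awk helper shared by both functions: true when the current line is an
# active (non-comment) rule containing "-e 2". The attached form "-e2"
# is matched as well, as a precaution.
IMMUTABLE_AWK='
function is_immutable(    i) {
    if ($0 ~ /^[ \t]*#/) return 0
    for (i = 1; i <= NF; i++)
        if ($i == "-e2" || ($i == "-e" && i < NF && $(i + 1) == "2"))
            return 1
    return 0
}'

# Print "LINE_NUMBER:LINE" for each active "-e 2" entry in file $1.
# Exit status: 0 if at least one entry was found, 1 if none.
find_immutable_entry() {
    awk "$IMMUTABLE_AWK"'
    is_immutable() { printf "%d:%s\n", NR, $0; found = 1 }
    END { exit !found }' "$1"
}

# Write a copy of file $1 to $2 with the active "-e 2" entries dropped.
# The original is left untouched so the copy can be reviewed first.
strip_immutable_entry() {
    awk "$IMMUTABLE_AWK"'
    !is_immutable() { print }' "$1" > "$2"
}

# When run with a rules file path as its argument, report and exit non-zero
# if remediation of audit rules would not take effect on this host.
if [ "$#" -ge 1 ]; then
    [ -r "$1" ] || { echo "Cannot read $1" >&2; exit 3; }
    if find_immutable_entry "$1"; then
        echo "Active -e 2 entry found; remove it and restart the server first." >&2
        exit 2
    fi
    echo "No active -e 2 entry in $1"
fi
```

Commented-out entries such as "# -e 2" are ignored by the check and preserved in the stripped copy.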

To begin the remediation process

  1. Navigate to the relevant Compliance Job, right-click it, and select Show Results.
  2. In the content editor, expand a particular run of the Compliance Job.
  3. Under the Rules View node, navigate to the relevant component template, rule group, or single compliance rule, right-click it, and select Remediate.

For full instructions, see Manually remediating compliance results.

 
