Skip to Content

CIS: Oracle Linux 9

As part of the 26.1 release, a new CIS template for Oracle Linux 9 is introduced. This document provides information about the hotfix which contains Center for Internet Security (CIS) templates for Oracle Linux 9. This template contains implementation for 369 rules that can be installed on TrueSight Server Automation 20.x or later.

This template is created based on the recommended settings defined by Microsoft  Oracle Linux 9 Security Configuration Benchmark Version v2.0.0, published on June 25, 2024.  This version adopts a script-based approach, where compliance checks and remediations are executed using PowerShell scripts.

Determine whether you need to install the template

If you are installing TrueSight Server Automation version 26.1for the first time (fresh installation), no action is required because this template is installed as a part of the 26.1 installation process.

If you have upgraded to 26.1 or later, this template is not installed automatically. To install this template, do one of the following actions:

  • Perform the steps mentioned in this topic.
    Through this method, the CIS template for Oracle Linux 9 is installed.
  • Upgrade the compliance content by using one of the following methods:

Note: Rename any existing customized template before you run the Auto Content Import Job or install the template manually. 

  • Through the Auto Content Import Job after the upgrade: During the Application Server upgrade, the Network Shell script of this job is updated. After you upgrade TrueSight Server Automation, execute this job to obtain the latest compliance content. Through this method, the latest version of all the templates that are available in version 26.1 is installed.
    For the complete list of supported templates and their versions, see Compliance Content support and requirements.
  • Install manually by using the content installer: Make sure that you use the content installer of the same version as the Application Server version.
    For information about how to install the compliance content manually, see Walkthrough: Loading compliance content.
    When you use this method, you have the flexibility to choose the template you want to install from the set available in version 26.1.

Step 1: Downloading and installing

  1. Download the CIS - Oracle Linux 9 package from the BMC EPD website and follow these steps:
    1. Log in to the BMC EPD Website.
    2. Go to Additional Products tab, under View By Category, and select Server Automation.
    3. Go to:
      • TrueSight Server Automation > TrueSight Server Automation 25.4.00 or
      • TrueSight Server Automation Compliance Module > TrueSight Server Automation Compliance Module 25.4.00.
      • Download the TSSA 25.4.00 CIS Updates for CIS - Oracle Linux 9.
    4. It includes the following:
      • CIS - Oracle Linux 9.zip
      • extendedobjects.zip
      • CIS_Oracle_Linux_9_Benchmark_v2.0.0.pdf
      • RELEASE_NOTES_FOR_CIS_OEL_9.docx
    5. Verify the downloaded content by using the following checksums:
      File nameChecksumMD5SUM
      CIS - Oracle Linux 9.zip0a0e78b0ccd86d28df500bbba6f5ce40b28337b366f04160175da3b205d62f20
      ExtendedObjects.zip6c5f02a02c29a5a7797233d28506a33ef86aa99d67293ea22523e450fa9a5b8c

  2. Take backup of existing extended objects under <Appserver_Install_Path>/share/sensors and then replace    the extended object scripts on all appservers. 
    The extended object scripts are present at <Appserver_Install_Path>/share/sensors location.

  3. Move the CIS - Oracle Linux 9 package to your RCP client server.

Step 2: Importing the Compliance Content

  1. Log on the Console.
  2. Right-click on Component Templates and click Import.

1769511078153-517.png  

a. Select the Import (Version-neutral) option and click OK.

1769511078155-297.png

 b. Select the CIS-Oracle Linux 9.zip package from the temporary location

The CIS template for CIS - Oracle Linux 9 is available in the CIS - Oracle Linux 9.zip package. To import the templates,      

select the CIS - Oracle Linux 9.zip and click Next.

1769511078157-293.png

C. Ensure that you select the Use existing objects and Preserve template group path options, before you click Next.

1769511078157-440.png

d. Navigate to the last screen of the wizard and click Finish.

1769511078158-635.png  

e. Click OK. The templates are imported successfully.

1769511078160-910.png

Step 3:The Templates are imported successfully and is shown under CIS Compliance Content>CIS.

1769511078161-623.png

Summary:

Additional Information: The hotfix contains the Center for Internet Security (CIS) template for CIS - Oracle Linux 9, with implementation for 369 rules that can be installed on True Sight Server Automation 25.4.00. This template is created based on the recommended settings defined by CIS Oracle Linux 9 Benchmark v2.0.0, published on June 25, 2024.

Rules within the template

The following are the details of the 369 rules provided in the zip package. It contains the following types of rules:

  • Rules that check for compliance(audit) and provides remediation – 275
  • Rules that check for compliance(audit) but do not provide remediation – 94
  • Rules that do not check for compliance and do not provide remediation - 0

The following are the details of the rules that are divided into parts:

  • Rules not divided into parts = 250
  • Rules are divided into two parts (34 Rules), so (34* 2) = 68
  • Rules are divided into three parts (8 Rules), so (8* 3) = 24
  • Rules are divided into four parts (1 Rule), so (1 * 4) = 4
  • Rules are divided into five parts (1 Rule), so (1 * 5) = 5
  • Rules are divided into six parts (3 Rules,) so (3 * 6) = 18

So, the current rule count according to the CIS Oracle Linux 9 template after running the compliance job is 369 (250+68+24+4+5+18).

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

TrueSight Server Automation 26.1