banner



Home  ›  How To Comply About Template

How To Comply About Template

Written By Thursday, 14 April 2022 Add Comment Edit

This topic walks you through the process of creating a simple compliance template using BMC BladeLogic Server Automation (BSA).

This topic includes the following sections:

The video at right demonstrates the process of setting upward a compliance template.

https://youtu.be/lccjjaXsxzw

Introduction

This topic is intended for system administrators and compliance officers who are responsible for ensuring that server configurations adhere to industry and organizational standards.

The goal of this topic is to demonstrate how to create and edit a simple component template that includes two rules. The rules test for compliance with password standards.

What does this walkthrough show?

This walkthrough shows how to create a simple component template. The template consists of 2 security settings well-nigh password handling and rules related to those settings. You can apply this template as the basis of a Compliance Job that tests whether components on servers satisfy the 2 rules. For a description of how execute a Compliance Chore, run across Walkthrough: Compliance audit based on a policy.

Remediation is the process of correcting deficiencies discovered by a Compliance Job. This walkthrough does not testify how to contain remediation content into a component template. For a clarification of that process, run across Walkthrough: Creating remediation objects for a compliance template.

Many component templates are much more complex and comprise many compliance rules. BSA provides prepackaged component templates that you can use to exam for compliance with diverse industry standards. Come across Walkthrough: Loading compliance content for a clarification of how to load those prepackaged templates.

What do I need to practice earlier I become started?

For this walkthrough, we accept logged on every bit BLAdmin, the default superuser for BSA. In production environments, BMC recommends that yous grant access based on roles with a narrower ready of permissions.

How to create a template used for compliance testing

Step Case screen
1

Using the Component Templates binder in BSA, navigate to a location where you want to create a component template. Right-click and select New > Component Template. A sorcerer opens that guides you through the process of creating a component template.
two

On the General panel of the wizard, enter a name for the template. Then select the blazon of operations you want to allow for this component template. In this example, we select Detect, Browse, Compliance, and Let Remediation. Finally, click Finish.

Later, you add together more circuitous information to the component template during an editing procedure.
3 Select the component template y'all just created. Correct-click and select Open. The component template opens to the General tab. Tabs representing other steps in the template definition procedure appear at the lesser of the pane.
four

Assign parts to the component template.

  1. Click the Parts tab.
  2. Click the Add Part icon . The Select Parts dialog opens.
  3. Navigate to the blazon of server for which you want to test compliance. In this instance, nosotros select a server running Windows 2008.
  4. Expand the server to come across all the server object types bachelor on that machine.
    When selecting parts for a component template, you tin can use whatever of these server object types or the individual objects they incorporate.
  5. Expand Security Settings, expand Account Policies, and then expand Password Policy.
  6. Select Enforce password history and Maximum password age and move them to the New Parts list at right.
  7. Click OK.
    The parts yous have selected appear in the list on the Parts tab.

Component template parts frequently include a wide variety of server objects. To keep this walkthrough simple, nosotros selected only two parts.
five

Set up a rule grouping and begin to define the first dominion.

  1. Click the Compliance tab.
  2. Create a compliance rule group past clicking the Add New Dominion Group icon . Assign a name to the rule grouping. In this instance we call the group Password Compliance.
  3. Select the newly created compliance rule grouping and click the Add New Compliance Rule icon . The New Rule tab appears. It has three sub-tabs, displayed at the lesser of the pane.
  4. Assign a name to the dominion. In this case nosotros call information technology Maximum countersign historic period. Optionally, provide a description.


vi

Click the Rule Definition sub-tab and define the contents of the first rule.

  1. To define the start status of the rule, click the New Status icon and accept the following steps:
    1. In the commencement drop-down box, click the drop-downwards arrow, expand Configuration Objects, aggrandize Security Setting:Security Settings\Account Policies\Countersign Policy\Maximum password age and select Effective setting every bit Cord Value (Windows).
    2. In the side by side drop-down select does not equal. And so exit the side by side field empty.
    3. In the last drib-down on the row select AND.
  2. Click New Condition to start another condition:
    1. In the starting time driblet-down, aggrandize Configuration Objects, expand Security Setting:Security Settings\Account Policies\Countersign Policy\Maximum countersign age and select Local setting every bit String Value (Windows).
    2. In the next drib-down select does non equal and go out the next field empty.
    3. In the final drop-downwards on the row select AND.
  3. Click New Condition to start another condition:
    1. In the first driblet-down, aggrandize Configuration Objects, expand Security Setting:Security Settings\Account Policies\Countersign Policy\Maximum countersign age and select Effective setting as Integer Value (Windows).
    2. In the next drib-down select betwixt.
    3. In the adjacent 2 fields enter ane and 60. This means you must change your password at least every sixty days.
    4. In the last drop-downward on the row select AND.
  4. Click New Condition to starting time the last status:
    1. In the first drop-down, aggrandize Configuration Objects, expand Security Setting:Security Settings\Business relationship Policies\Countersign Policy\Maximum password age, and select Local setting every bit Integer Value (Windows).
    2. In the next drib-down select between.
    3. In the next two fields enter i and 60.
    4. In the last drop-downwards on the row select AND.
  5. Click Apply Condition Value, save your edits (Ctrl+S), and shut the tab defining this rule.

Taken together, these rules say that at that place must exist a value for countersign historic period and that the password must be between no older than 60 days.

Annotation: These rules are ready to examination both the local setting and the effective setting. The local setting is the setting established on a server by means of its local security policy or registry setting. The effective setting is the setting that is really in effect. They tin can differ if a server is part of a Windows domain and the domain level group policy object (GPO) overrides the local setting. Local and effective settings can also differ if the local setting has been changed but is not withal in effect. For example, the server may be in need of a reboot to apply a changed setting. BMC recommends setting up compliance rules to test both the local and constructive setting.

Defining commencement condition

Logical descriptions of all conditions

vii

Create a new rule.

  1. Select the existing compliance rule group (in this example information technology is called Password Compliance) and click Add New Compliance Dominion .
  2. Assign a proper noun to the rule. Nosotros call this dominion Password history. Optionally, you can provide a description.
8

Click the Rule Definition sub-tab and define the contents of the next rule.

  1. Click New Condition and accept the following steps:
    1. In the first drop-down box, click the driblet-downwards pointer, aggrandize Configuration Objects, expand Security Setting:Security Settings\Business relationship Policies\Password Policy\Enforce password history, and select Effective setting as String Value (Windows).
    2. In the next driblet-downwardly select does not equal and then leave the next field empty.
    3. In the last drop-down on the row select AND.
  2. Click New Condition to beginning another condition:
    1. In the first drop-down, aggrandize Configuration Objects, expand Security Setting:Security Settings\Account Policies\Password Policy\Enforce password history , and select Local setting equally String Value (Windows).
    2. In the adjacent drop-downwards select does not equal and and then go out the next field empty.
    3. In the last drib-downwardly on the row select AND.
  3. Click New Status to start another condition:
    1. In the first drop-down, expand Configuration Objects, expand Security Setting:Security Settings\Account Policies\Password Policy\Enforce password history , and select Effective setting as Integer Value (Windows).
    2. In the next drop-down select greater than or equal to.
    3. In the next field enter 24. This means you cannot reuse any of your last 24 passwords.
    4. In the final drib-downwardly on the row select AND.
  4. Click New Condition to starting time the last condition:
    1. In the first drop-down, expand Configuration Objects, aggrandize Security Setting:Security Settings\Account Policies\Password Policy\Enforce password history , and select Local setting as Integer Value (Windows).
    2. In the next drop-downwards select greater than or equal to.
    3. In the next field enter 24.
    4. In the last drop-down on the row select AND.
  5. Click Apply Status Value, salvage your edits (Ctrl+S), and close the tab defining this rule.
  6. Close the tab for the component template. Yous are prompted to save whatever changes. The component template is consummate.

Taken together, these rules say that there must be a value for countersign history and that the user cannot reuse whatever of his last 24 passwords.

 9

To support version management of the component template, commit the template to the local Git repository. This start commit represents the initial version of the template from the time of its creation.

  1. Click the Git Repository History tab.
  2. Higher up the list of revisions (which is currently empty), click the Commit push.

  3. In the Git Commit dialog box:

    • Adjust the email address.
    • Enter a summary bulletin to back-trail the commit.
    • Choose whether to include dependencies.

  4.  In the Git Commit dialog box, click Commit, and and then click OK in the informational message.

Commit details for the initial version of the component template are added on the Git Repository History tab.


Wrapping information technology upwards

Congratulations. You take created a component template. This template tin exist used to define a Compliance Job, which measures server compliance to organizational standards.

Where to become from here

See Walkthrough: Creating remediation objects for a compliance template for a description of how to attach a remediation object to a component template. As well, y'all tin encounter Walkthrough: Compliance audit based on a policy for a description of how to use a component template to run a Compliance Task.

The BSA documentation provides more than detailed instructions on setting up compliance rules in a compliance template.

Was this page helpful? Yes No Submitting... Thank you

How To Comply About Template,

Source: https://docs.bmc.com/docs/ServerAutomation/89/walkthrough-creating-a-compliance-template-653394387.html

Posted by: guyloctatintoo.blogspot.com

0 Response to "How To Comply About Template"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel