10 Replies Latest reply on Jan 22, 2010 10:55 AM by Adam Bowen

    Are there updated CIS templates for RedHat 5 and Solaris 10?

    Alan Russell

      I have been attempting to get our BL admins to find this information out but they have not been successful. What I have going is I see under the CIS Compliance Content 7.5.0.620 folder a number of CIS templates. Two of those are not current to what CIS has on their website. These are the Solaris 10 and RedHat 5 specifically. What I would like to know is if there is a update that I can download to add the newer revisions.

       

      I saw this link in some similar posts -

      https://www.bladelogic.com/support/downloads.jsp

       

      but when my admin goes there to search he says he can't find any content  past 7.4.6. I am not sure what that means but perhaps there is another link for the version of BL we have.  I'd like to get NIST templates also if they are available.

       

      Regards.

        • 1. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?
          Vinnie Lima

          There is a 7.6 - 644 Compliance Content out there. Open a ticket with support and they can provide it to you.

           

          I'll know in a little bit if there is anything for Sol10/RedHat 5.X as I need it for our use too.

          • 2. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?

            New content is not being developed for the older versions of BL. And new content would be released for 8.0.

            • 3. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?
              Alan Russell

              Would 7.6 compliance templates be compatible with 7.5?  I am not aware of the release dates of the different versions of Blade Logic but the latest Red Hat 5 standard from CIS is ver 1.1.2 dated June 2009.  I assume if 7.6 was out before that date then it would be out of date also.

               

              It is appearing to me that I will need to update the BL included templates with the changes in the current standards on the latest CIS docs.

               

              Regards.

              • 4. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?
                Alan Russell

                Would you know of the content in 7.6 with regards to the compliance templates is any different than what is included with 7.5?

                 

                Regards.

                • 5. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?

                  I am pretty sure they are the same because the release cycles were really close together. Our content is provided as a "leg up" style kit. So we periodically update them to take advantage of new features or bugs, but that is about the full extent of it right now.

                  • 6. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?
                    Vinnie Lima

                    Its a real shame because as I've observed, there are still a few (or lots) customers running pre-7.6 BL releases.  Its naive to believe that all your customer base will migrate to your latest and greatest (and to say, major) release. We certainly wont be moving to 8.0 for quite a few months.

                     

                    I'll be putting an official request for the latest CIS/DISA STIG templates for Win2008/RHEL5/SOL10 under BL 7.6.  Maybe if we can get enough customers to submit similar request BMC will listen.

                    • 7. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?

                      Vinnie,

                       

                        We've spoken with one another about compliance questions in the past, so I will ask that you please give me the benefit of the doubt when I tell you that I understand the issue pretty throroughly.  I can tell you with a  high degree of certainty that the people making those decisions are not "naive" about this.  They are people who design software for a living, so they have a pretty good idea of the upgrade cycle.  They know that customers won't always move to the newest release immediately; in fact, they plan for it.  It's the same with any software.  If you want new features, you move to the new release.  If your needs are met by the previous release, there is no reason to move to the new release.  On the other hand, content does tend to be viewed differently by customers, which is something product management has been examining as an overall part of the product.  Let me ask you this: How much would back-ported versions of newer content be worth to your organization on an annual basis?

                       

                      -Jude

                       

                      Message was edited by: Jude

                      • 8. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?
                        Vinnie Lima

                        I see compliance content updates like changing oil in my car......need to get it done often to keep the product functional for daily use.

                         

                        So, short answer, very important to be adaptable to the ever evolving technologies we are trying to manage with Bladelogic.

                         

                        Active Directory on 2008

                        Exchange 2010

                        Oracle 11g

                        Windows 2008

                        Windows 7

                        Red Hat Linux 5.x

                        VMWare ESX 4 (vSphere)

                         

                        These are all technologies which we are going to have to tackle. If I have to do it from ground up, so be it, but I hope I dont have to.  Thus the need/question for compliance template updates from BMC.

                         

                        My question to BMC is:  what's your strategy on these compliance templates?  How often are you planning to update them in relation to the ever changing updates from CIS/DISA and other institutions?

                         

                        Thanks!

                        • 9. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?

                          I think that is the point that Jude and I were articulating. Right now, since our content is free, it is just offered as a leg up kit to give you an initial load to base your own content on. There has been talk about a fee-for-subscription style of offering where you would pay an annual fee and BMC would be held to certain SLA's concerning content release, fixes, and updates. Really, it is a matter of cost effectiveness. But to a point you made in one of your earlier posts, the squeaky wheel gets the grease. The more tickets that are opened for updated content, etc, the more visibility it gets to our executives and more likely the request will be granted.

                          • 10. Re: Are there updated CIS templates for RedHat 5 and Solaris 10?

                            It should also be noted that the old bladelogic.com support site is no longer updated.  For updated downloads, you should visit the BMC Electronic Product Download page.