5 Replies Latest reply on Apr 20, 2012 12:48 PM by Bill Robinson

    Issue with Compliance remediation in BBSA



      We are using a number of extended objects for application compliance, e.g. Apache. All the compliance is working fine, but we now need to create remediation packages for the compliance rules....


      The issue is the extended object runs and pulls back a value that is a variable, for example a path to a file (sometimes a number of files). Then, when trying to remediate this, the path of the file needs to be entered into the BL package. Is there any way of using some sort of wildcard or variable to take the output of the extended object and populate the BL remediation package with it? There are also going to be multiple instances involved....


      Any suggestions...

        • 1. Issue with Compliance remediation in BBSA

          You can use parameterized properties in the remediation package (although I don't know how to take the value from the extended object and add it to the property value).

          • 2. Issue with Compliance remediation in BBSA

            Please clarify

            You have a compliance job - that means you are checking something/some configuration etc.

            For the remediation which is associated with a compliance rule, the blpackages should be pre-created.


            Do you want to create a BL package during the compliance check? Why do you want to do that?

            You must be running compliance against a well known configuration, that implies you must already know the correct path/value of variables.


            If you want to capture a configuration from a server, one way of doing that will be taking a snapshot of the object and building a blpackage from that object.


            Back to your question. Please elaborate what your extended object is like: central or remote?


            Personally, I would use compliance to check and give me results in terms of pass/fail.

            If I know a Gold/Good configuration, I will take the snapshot and package the same.


            Or, if my remediation package needs some dynamic data which is populated based on some existing paths/variables/config on the target, I will script the blpackage intelligently so that the blpackage during deploy itself captures all such information and makes use of it.




            • 3. Re: Issue with Compliance remediation in BBSA
              Bill Robinson

              What is the EO pulling the variable into? A server or component property?

              • 4. Issue with Compliance remediation in BBSA
                Joe Piotrowski

                I think this is Kate's scenario; the customer has many Linux servers running Apache, but Apache was installed and configured manually. The OS is unaware that Apache is installed and the locations of the Apache instances are different.


                So they are running EO scripts designed to scan the OS looking for Apache instances and the users of each instance. The results will be:

                - No Apache instances found

                - Found one or more Apache instances in various locations with various users


                I think they are leveraging the server.xml and tomcat-users.xml of each instance for this purpose.


                So what I think Kate is asking is: after they run these EO scripts, is there a way to utilize the found instances and users on each server as variables to create remediation packages leveraging those same variables?

                • 5. Re: Issue with Compliance remediation in BBSA
                  Bill Robinson

                  So… the server.xml and web.xml are not used for Apache httpd. They are used for Apache Tomcat. So just to be clear, I think you are talking about Tomcat.


                  The short answer is not easily.


                  The long answer is sure – you could run pretty much the same scripts and scrape the details into a property value on the component. And then when you run the deploy, push to the component and read the values from the target component. But there is no way to point the blpackage directly at EO output.

                  1 of 1 people found this helpful