LeoCiociano

Pinned topic Customizing Security Checklists

‏2012-04-09T21:54:32Z |
I've created a custom security checklist configuration site where I included some of the fixlets from "DISA STIG Checklist for Red Hat 4".

Next to that, I run fixlet "Deploy and Run Security Checklist RedHat 4" (from my new checklist) and then Red Hat clients automatically create, under '/var/opt/BESClient/__BESData/CustomSite_MyChecklist/', a directory structure where it stores data gathered from the server for those specific fixlets I included in my custom checklist.

Looking at the actions from fixlet "Deploy and Run Security Checklist RedHat 4" I see it creates and runs several scripts with info gathered from properties 'x-fixlet-remediate-scripts' and 'x-fixlet-detect-scripts' that are saved on each existing fixlet.

I think I understand how it works. It takes the fixlet detect and remediate script data from those properties and saves it in '/var/opt/BESClient/__BESData/CustomSite_MyChecklist/SCM/Linux/4' (using base64.decode), and then the fixlets use those scripts for remediation and detection.

Now I want to create my custom fixlet with the possibility to work with the same concept, and here is where I crash.

I can't find where I should define the properties 'x-fixlet-remediate-scripts' and 'x-fixlet-detect-scripts' in my custom fixlets (with my scripts data), so when the deploy fixlet reads them, it can create my custom scripts for my specific fixlets.

Is it possible?
Is there any documentation about it?

Thanks in advance.
Leo
  • Jeff Saxton

    Re: Customizing Security Checklists

    ‏2012-04-10T18:27:19Z  
    Here is a document that has been prepared to help you create your own custom Unix SCM fixlets that work within the existing framework.

    https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Custom%20Fixlet%20Authoring

    If you need additional help after reading the documentation, I am available to answer questions.

    Jeff Saxton
    jsaxton@us.ibm.com
    Mobile: 650-235-0776 GMT-7
  • LeoCiociano

    Re: Customizing Security Checklists

    ‏2012-04-10T18:52:22Z  
    Hi Jeff,
    Thanks for your answer. I've read the document you told me about, but it doesn't say anything about how to edit this metadata.
    Looking around, I found out that if I export the fixlet, I'm able to edit its content (the metadata) and then import it again. I haven't tried it yet; I'm in the testing phase and hope it works.
    My questions are:
    Is this the right procedure?
    Is there any other way to edit these parameters?
    Does the TEM console allow me to edit the metadata?
    Is this procedure supported by the application?

    Thanks again.
    Leo
  • Eric Walker

    Re: Customizing Security Checklists

    ‏2012-06-06T16:38:22Z  
    Hi Leo,

    The only supported way to customize SCM content at this time is through the copy wizard that has just been released. In addition, some wizards will soon be available in BigFix labs which will help to make new checks.

    In order to make modifications or create new content at the level of detail mentioned in the link that was provided, for the moment you'll need to export the content as XML, modify it and import it again. Doing this in a way that doesn't lead to errors in the console or in the SCA application is challenging but possible.

    Over the longer term we hope to gradually roll out a set of functionality that will enable the kind of content authoring you're trying to do. This will be a long term project, and there are no concrete targets at this point, but it's something that we appreciate the need for and are actively working on facilitating.

    Eric
  • Jeff Saxton

    Re: Customizing Security Checklists

    ‏2012-06-06T18:08:29Z  
    Yes, currently if you wish to edit the metadata of a fixlet, you must export the fixlet, edit it with your favorite editor (vi, for example), then import it back in.

    In addition, I plan on releasing a tool in the next week or so which will allow you to create custom SCM fixlets just by pasting in your shell script (in the case of Unix) or Relevance. These will be released in the SCM Labs site.

    If you need any further assistance please feel free to call me at +US 650-235-0776, I'm in the PDT timezone.
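
Added example, not part of the thread and not IBM tooling: a way to review and replace the base64-encoded script carried in an exported fixlet before importing it back, following the export/edit/import procedure described above. The `MIMEField`/`Name`/`Value` element layout, and the idea that each property value is the plain base64 of one script, are assumptions; the thread only names the two properties and mentions base64 decoding.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SCRIPT_FIELDS = ("x-fixlet-detect-scripts", "x-fixlet-remediate-scripts")

# Constructed sample, not a real export; the element layout is an assumption.
SAMPLE_EXPORT = (
    "<BES><Fixlet><MIMEField><Name>x-fixlet-detect-scripts</Name><Value>"
    + base64.b64encode(b"#!/bin/sh\ntest -f /etc/issue\n").decode()
    + "</Value></MIMEField></Fixlet></BES>"
)


def read_scripts(xml_text):
    """Return {property name: decoded script text} for script properties present."""
    found = {}
    for field in ET.fromstring(xml_text).iter("MIMEField"):
        name = (field.findtext("Name") or "").strip()
        if name not in SCRIPT_FIELDS:
            continue
        value = (field.findtext("Value") or "").strip()
        try:
            # validate=True rejects stray characters instead of skipping them
            found[name] = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError(f"{name}: value is not base64-encoded text") from exc
    return found


def write_script(xml_text, name, script_text):
    """Replace one script property in place and return the updated XML."""
    if name not in SCRIPT_FIELDS:
        raise ValueError(f"unexpected property name: {name}")
    root = ET.fromstring(xml_text)
    encoded = base64.b64encode(script_text.encode("utf-8")).decode("ascii")
    for field in root.iter("MIMEField"):
        value = field.find("Value")
        if (field.findtext("Name") or "").strip() == name and value is not None:
            value.text = encoded
            return ET.tostring(root, encoding="unicode")
    # Where a new element may be placed depends on the export schema, so this
    # sketch refuses to guess and only edits a property that is already there.
    raise KeyError(name)
```

Running `read_scripts` on the edited file before import shows exactly what script text the deploy task would write to endpoints. `ET.tostring` does not preserve the XML declaration or comments of the original file.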
  • Jeff Saxton

    Re: Customizing Security Checklists

    ‏2012-10-09T20:13:02Z  
    Leo,

    Fairly recently we released a couple of Wizards that facilitate creation of your own custom SCM content and its integration into pre-existing SCM sites that have been created with the 'Create Custom Checklist' Wizard. They are:

    Create Custom Relevance SCM Content, which allows you to express checks in relevance
    and
    Create Custom Unix SCM Content, which allows you to express checks in shell script and will produce content that is compatible with the 'Deploy and Run' task.

    If you need any help with these please feel free to contact me.

    Jeff Saxton
    jsaxton@us.ibm.com
    CELL: 650-235-0776