Anyone gone through the custom checklist wizards?

Hello,

Unfortunately it will be a while before I get my account to test this myself, but I’ll need to create a custom checklist for RedHat systems running a DB.

Most of the HCL docs I’ve seen reference running a script for UNIX-based checks:

https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_App_User_Guide_WebUI/t_creating_custom_check_using_unix_content.html

but in my case I have a specific file I need to pull lines from, so relevance would by far be the easiest and quickest way to check for compliance.

There are some inconsistencies with HCL docs though, such as this one specific to custom UNIX checks that only requires a script if remediation is needed:

https://help.hcltechsw.com/bigfix/9.2/compliance/Security_and_Compliance/SCM_Users_Guide/t_creating_custom_unix_scm_content.html

So my question is, has anyone gone through (or maybe can go through) the custom SCM checklist wizards and can fill me in? I see no reason I can’t use the “Relevance SCM Checks” wizard even if it is for RedHat, but would love to get confirmation.

Thanks so much!

Yes, you can definitely use the “Relevance SCM Checks” wizard for *nix.

The wizards are there mostly to eliminate duplicate SCM guids in the metadata so it can be imported into the SCM console.

Even after generating, you’ll still be able to rewrite any relevance and even add remediation if desired.

We use both the UNIX and the “custom relevance…” wizards. There is some older additional documentation available:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en#!/wiki/BigFix%20Wiki/page/SCM%20Custom%20Fixlet%20Authoring

Usually I create a custom checklist from a source that comes as near as possible to my request, in your case maybe “CIS for db2 on linux” or similar. This helps to have an initial structure and first applicability fixlets.

Using the wizard, I create the needed custom fixlets and analyses afterwards, depending on the need with a minimal relevance. These fixlets can be edited in BigFix directly or exported and edited with an XML editor like Notepad++ or VS Code.
Here is also some fine documentation about such steps: Creating custom checklists for internal policies

And of course, start with a very limited number of test computers subscribed to the new site to make debugging easier.