3 Assess Compliance with Your Corporate Standards

The Oracle Configuration and Compliance custom corporate standards provide the ability to extend industry-standard benchmarks and cloud resource evaluations.

Custom corporate standards let you execute any process and map its exit code or standard output message to a compliance rule violation, whether the process passes or fails. You can extend industry-standard benchmarks or cloud resource evaluations with your own standards as part of implementing regulatory requirements. This chapter covers this standalone configuration business use case. In addition to custom corporate standards, Oracle Configuration and Compliance can execute industry-standard benchmarks and cloud assessments independently or as part of the same assessment evaluation. On-premises, cloud-only, and hybrid cloud customers benefit because they can enforce all three capabilities within a single policy assessment.
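As an added illustration of the exit-code and standard-output contract just described (example code, not Oracle's own): a POSIX shell check that reads an sshd configuration file, prints a PASS or FAIL message for each rule, and returns non-zero when any rule is violated, so the agent can map that result to a compliance rule violation. The keys checked, the expected values and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code): a custom corporate standard written as a
# shell check. Exit status 0 = compliant, 1 = violation; the text on standard
# output is the message the compliance rule is mapped to. The file path, the
# keys and the expected values below are assumptions for this example.

# check_sshd_setting FILE KEY EXPECTED
# Returns 0 when the effective global value of KEY in FILE equals EXPECTED.
# Only the whitespace-separated "Key value" form is handled; the last global
# occurrence wins and parsing stops at the first "Match" block, because
# settings below it are conditional.
check_sshd_setting() {
    file=$1; key=$2; expected=$3
    actual=$(awk -v k="$key" '
        /^[[:space:]]*[Mm]atch[[:space:]]/ { exit }      # conditional section starts
        tolower($1) == tolower(k)          { v = $2 }    # keys are case-insensitive
        END { print v }' "$file")
    if [ "$actual" = "$expected" ]; then
        echo "PASS: $key is '$expected' in $file"
        return 0
    fi
    echo "FAIL: $key is '${actual:-unset}' in $file, expected '$expected'"
    return 1
}

# run_corporate_standard FILE
# Evaluates every rule of the (assumed) standard and returns 1 if any failed,
# so a single exit code summarises the whole standard.
run_corporate_standard() {
    file=$1
    rc=0
    check_sshd_setting "$file" PermitRootLogin no        || rc=1
    check_sshd_setting "$file" PasswordAuthentication no || rc=1
    check_sshd_setting "$file" X11Forwarding no          || rc=1
    return $rc
}

# Constructed sample input for a stand-alone run (not a real host's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config excerpt
PermitRootLogin yes
PasswordAuthentication no
#X11Forwarding yes
EOF

# No "exit" at top level, so the functions stay usable when the file is sourced.
run_corporate_standard "$sample" && echo "standard: COMPLIANT" || echo "standard: VIOLATION"
rm -f "$sample"
```

Point the custom standard at this script with the real configuration path as its argument; the agent sees exit status 1 and the FAIL lines for the constructed sample above, and 0 once every rule passes.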

Typical Workflow for Assessing Compliance with Your Corporate Standards

Task                                              More Information
Add a Secure Socket Shell (SSH) host credential   Define SSH Host Credentials
Run SCAP assessments with expanded privileges     Run SCAP Assessments with Expanded Privileges
Run an assessment with corporate standards        Run Assessments with Corporate Standards

Run SCAP Assessments with Expanded Privileges

You can run SCAP Assessments from your terminal using Oracle Configuration and Compliance.

To successfully evaluate all rules in standard benchmarks, SCAP requires root access to run assessments. The following example is for OSCAP, but the same principle applies to CISCAT or other third-party tools.

  1. Configure the user that runs the agent with passwordless sudo access.

    For example, assume the agent was installed as user oracle. Make the following changes in /etc/sudoers on every target system that is running the cloud agent.

    Note:

    You must distribute this configuration file among all hosts that use a privileged sudo execution.

    ...

    #
    # Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
    #         You have to run "ssh -t hostname sudo <cmd>".
    #
    Defaults    requiretty

    # The agent user oracle runs sudo without a terminal, so exempt it from requiretty
    Defaults:oracle !requiretty

    ...

    ##
    ## Allow root to run any commands anywhere
    root    ALL=(ALL)       ALL

    # Allow agent user oracle to run root commands without prompting for password
    oracle    ALL=(ALL)       NOPASSWD:ALL

    ...
  2. Modify the PATH property of the relevant Engine Configuration from "/usr/bin/oscap" to "sudo /usr/bin/oscap".
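The two sudoers changes above are easy to get subtly wrong (the requiretty exemption on the wrong user, or a rule that still prompts), and an agent that is refused by sudo silently fails its assessment. As an added example, not Oracle's code, the POSIX shell functions below audit a sudoers fragment for exactly what the agent user needs: a `!requiretty` exemption when `requiretty` is on, and a NOPASSWD rule that covers the scanner binary. They also flag `NOPASSWD:ALL` as broader than the scanner requires and show, as an assumption, the narrower rule that grants only `/usr/bin/oscap`. The user name, binary path and constructed fragments are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit a sudoers fragment for what the
# agent user needs to run the scanner via sudo non-interactively. The file
# path, user name and command path are assumptions passed in by the caller.

# has_global_requiretty FILE: 0 when an uncommented "Defaults requiretty" is set
has_global_requiretty() {
    grep -Eq "^[[:space:]]*Defaults[[:space:]]+requiretty([[:space:]]|\$)" "$1"
}

# has_user_requiretty_exemption FILE USER: 0 when "Defaults:USER !requiretty" is set
has_user_requiretty_exemption() {
    grep -Eq "^[[:space:]]*Defaults:$2[[:space:]]+!requiretty([[:space:]]|\$)" "$1"
}

# nopasswd_commands FILE USER: print the command list of USER's NOPASSWD rule
# (empty when there is none). Handles the single-line "USER ALL=(...) NOPASSWD:..."
# form used in the procedure above; aliases and line continuations are not parsed.
nopasswd_commands() {
    sed -nE "s/^[[:space:]]*$2[[:space:]]+ALL=\([^)]*\)[[:space:]]+NOPASSWD:[[:space:]]*(.*)\$/\1/p" "$1" | tail -n 1
}

# audit_agent_sudoers FILE USER CMD
# Returns 0 when USER can run CMD as root without a password or a tty and the
# grant is limited to CMD; 1 when the agent would be refused, or the grant is
# broader than the scanner needs.
audit_agent_sudoers() {
    file=$1; user=$2; cmd=$3; rc=0
    if has_global_requiretty "$file" && ! has_user_requiretty_exemption "$file" "$user"; then
        echo "FAIL: requiretty is on and $user has no !requiretty exemption; the agent's 'sudo $cmd' will be refused"
        rc=1
    fi
    cmds=$(nopasswd_commands "$file" "$user")
    case "$cmds" in
        "")  echo "FAIL: $user has no NOPASSWD rule; sudo will prompt for a password"; rc=1 ;;
        ALL) echo "WARN: $user may run any command as root without a password; restrict the rule to $cmd"; rc=1 ;;
        *)   if printf '%s\n' "$cmds" | tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -Fqx "$cmd"; then
                 echo "PASS: $user may run $cmd as root without a password, and nothing broader"
             else
                 echo "FAIL: the NOPASSWD rule for $user ($cmds) does not include $cmd"; rc=1
             fi ;;
    esac
    return $rc
}

# Constructed fragments for a stand-alone run (not copied from a real host).
broad=$(mktemp); strict=$(mktemp)
cat > "$broad" <<'EOF'
Defaults    requiretty
Defaults:oracle !requiretty
root    ALL=(ALL)       ALL
oracle    ALL=(ALL)       NOPASSWD:ALL
EOF
cat > "$strict" <<'EOF'
Defaults    requiretty
Defaults:oracle !requiretty
root    ALL=(ALL)       ALL
# Least-privilege alternative (assumption): only the scanner binary, only as root
oracle    ALL=(root)      NOPASSWD: /usr/bin/oscap
EOF
audit_agent_sudoers "$broad"  oracle /usr/bin/oscap || true   # prints WARN, returns 1
audit_agent_sudoers "$strict" oracle /usr/bin/oscap           # prints PASS, returns 0
rm -f "$broad" "$strict"
```

Run the audit against the fragment on each host before distributing it, alongside `visudo -c -f FILE` for a syntax check, since a malformed sudoers file locks out every sudo user, not just the agent. If you adopt the narrower rule, step 2 still uses `sudo /usr/bin/oscap`; only that path is now permitted.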

Run Assessments with Corporate Standards

The process of running a custom rule assessment is fundamentally the same as executing any assessment template to achieve a compliance business objective. The assessment template supports mixing and matching one or more cloud resources, industry-standard benchmarks, and custom rules with an associated grouping of entities.

  1. From the menu, select Assessment and click Templates.
  2. Click Add and enter a name and a description for your assessment.
  3. Select the check boxes for the custom rulesets that you want to assess.
  4. Click Add and select the entities to which you want to apply the selected rulesets.
  5. Select a schedule and click Save.