SIMP Logo
Sicura Console
  1. Introduction
  2. Installation
  3. RPM Installation
  4. Container Installation
  5. Upgrades
  6. Running Sicura Console
  7. Configuration - Accounts
  8. Configuration - Database
  9. Configuration - Collector
  10. Configuration - Security
  11. Configuration - Plugins
  12. Configuration - Experimental
  13. Sidebar - Administration
  14. Sidebar - Infrastructure
  15. Sidebar - Profiles
  16. Sidebar - Reports
  17. Sidebar - Scheduling
  18. Commands
  19. Known Issues
  20. How To - Enforce compliance
  21. How To - Enforce custom profiles
  22. How To - Use the API

Profile Customization

Sicura allows users to export subsets of policies in order to customize what is (or is not) enforced out of any given baseline policy.

Step 1: Download a profile

###Profiles can be obtained 2 different ways.

  1. Either by downloading one from the Profiles > Enforcement page.
  2. Or by choosing a subset of rules from a scan: First go to the Infrastructure > Nodes page via the sidebar navigation and select a node with scan results in the baseline policy (i.e. CIS Server Level 2).

For example:

Step 2: Enforce the Custom Policy

Once profile data has been exported, you will have a custom policy created in YAML to be used by the SIMP Compliance Engine. For example:

---
compliance_markup::compliance_map:
  version: 2.0.0
  profiles:
    simp_console_enforcement:
      ces:
        oval:simp.disa.V-204625:def:1: true
        oval:simp.disa.V-204617:def:1: true
        oval:simp.disa.V-204616:def:1: true
        oval:simp.disa.V-204615:def:1: true
        oval:simp.disa.V-204614:def:1: true
        oval:simp.disa.V-204613:def:1: true
compliance_markup::enforcement:
- simp_console_enforcement

This policy can be used for continuous enforcement via Puppet by following the documentation here. If you plan to export multiple custom profiles for use with SIMP Compliance Engine, you will need to change the profile name from simp_console_enforcement to a unique name.