Ways to link and import audit policies

You can import or save an audit policy to an audit, snapshot specification, or another audit policy:

Linking an audit policy to an audit or a snapshot specification

Linking an audit policy to an audit or snapshot specification creates a link that uses the rules from the audit policy for the audit or snapshot specification.

Linking to an audit policy is useful when a policy setter wants to define a server configuration policy for servers and then have other users link their audits and snapshot specifications to the same audit policy. If the policy setter makes any changes to the audit policy, the changes will be reflected in the audits or snapshot specifications that are linked to the policy.

When an audit policy is linked to an audit or snapshot specification, the rules cannot be modified in the context of the audit or snapshot specification. However, you can access the audit policy and edit its rules if you have the required user permissions.

If the audit or snapshot specification you are linking the audit policy to already has rules defined, all pre-existing rules in the audit or snapshot specification will be overwritten when you link to an external audit policy.

To link an audit policy to an audit or snapshot specification:

  1. Open an existing audit or snapshot specification from the SA Library:
    1. In the navigation pane, select Library > Audit and Remediation > Audits. Select an operating system: Windows, UNIX or VMware ESXi. From the content pane, open an audit.
    2. In the navigation pane, open an existing snapshot specification from select Library > Audit and Remediation > SnapshotSpecifications. From the content pane, open a snapshot specification.
  2. From the Actions menu, select Link to Policy.
  3. In the Select an Audit Policy window, select an audit policy to link to the audit or snapshot specification. You can only link to one audit policy per audit or snapshot specification. However, you can link multiple audit policies to one audit policy. see Creating an audit policy . or Linking audit policies to a master audit policy.
  4. After you have selected an audit policy, click OK.

    If you are linking an audit policy to an audit or snapshot specification that already has rules defined, a message prompts you to confirm whether you want to overwrite any existing rule definitions. Click Yes to import the audit policy and overwrite pre-existing rules.
  5. From the File menu, select Save to save the audit or snapshot specification.

Linking audit policies to a master audit policy

Linking an audit policy to another audit policy enables you to combine multiple audit policies into a single, master audit policy. Because you can link as many audit policies as you want to an audit policy, you can build and reuse existing audit policies as a single audit policy that meets a specific auditing need.

When you link one or more audit policies to an audit policy, the linked audit policies become children of the parent (or master) audit policy. If you create an audit that links to the parent audit policy, when you run the audit on a target server, the rules from all linked policies are run against the target server.

Example: Your SA Library contains several individual audit polices that define compliance standards for a group of HP-UX servers. One policy contains rules that check to make sure the FTP services are enabled. Another policy contains rules that check to make sure that cron logging is always enabled. In this example, you can create a single master audit policy that links to these two policies. This master audit policy can, subsequently, be referenced to by other audits.

To link audit policies to a master audit policy:

  1. In the navigation pane, select Library > ByType > Audit and Remediation > AuditPolicies.
  2. Select an operating system: Windows, UNIX or VMware ESXi.
  3. Select an existing audit policy or create a new audit policy. See Creating an audit policy .
  4. In the Audit Policy window, in the Views pane, select Source if you want to use a managed server to base the audit policy’s rules on.

    Note This step does not apply to ESXi servers because they are not managed servers.

    1. Click Select to choose a source server for the audit policy.
    2. In the Select Server window, select a server and then click OK.
  5. In the Audit Policy window, in the Views pane, select Rules
    1. If you want to edit any of the linked audit policies, from the Rules list, select an audit policy and then click to open the Audit Policy window.
    2. If you want to link other audit policies to this audit, click to select an audit policy.
  6. In the Select an Audit Policy window, select one or more audit policies to link to the audit policy and then click OK to save your selections.

  7. If you link one or more audit policies to an audit policy, you can still configure individual rules in the audit policy. All rules from an externally referenced audit policy will be combined with any rules you create in the audit policy.

  8. In the Views pane, in the Rules list, create any other rules you want to include in the audit policy. See Audit and snapshot rules.

  9. After configuring the audit policy, from the File menu select Save. After it is saved, the audit policy is ready to be linked to another audit policy.

Importing audit policy rules

Importing an audit policy into an audit or snapshot specification allows you to import (and optionally merge) an audit policy’s rules into an audit or a snapshot specification, without keeping a link to the audit policy.

After you import an audit policy, there is no longer a connection to that audit policy. Any changes made to the source audit policy are not reflected where the audit policy was imported into.

To import an audit policy into an audit:

  1. Open an existing audit or snapshot specification from the SA Library:
    1. In the navigation pane, select Library > Audit and Remediation > Audits. Select an operating system: Windows, UNIX or VMware ESXi. From the content pane, open an audit.
    2. In the navigation pane, open an existing snapshot specification from select Library > Audit and Remediation > SnapshotSpecifications. From the content pane, open a snapshot specification.
  2. From the Actions menu, select Link to Policy.
  3. If the audit or snapshot specification already has rules defined, choose to either to overwrite the existing rules or merge the audit policy rules with the existing rules.

    Best Practice: Depending on the rule type, merging rules can produce different results. As a best practice, review all resulting rules to make sure that the merged audit policy rules meet your requirements or need to be modified.

    If you click Yes, the audit policy will overwrite any existing rules in the audit or snapshot specification.

    If you click No, the audit policy will merge the audit policy rules with any existing rules. If any conflicts are found, the audit policy rules will overwrite any existing rules.

  4. From the File menu, select Save to save the audit or snapshot specification.

Saving an audit or a snapshot specification as an audit policy

You can save an audit or a snapshot specification’s rules as an audit policy. The audit policy can then be used in another audit or snapshot specification. If your audit rules require the latest Agent on the target servers, the SA Client displays a message reminding you to update the Agents or create exceptions in the audit to avoid runtime errors.

All audit policies you create must be saved in the SA Library in a folder. Each audit policy name within a folder must be unique. To save an audit policy to a folder, you must have permissions to write to that folder. For more information on folder permissions, see the SA 10.51 Use section or contact your SA administrator.

To save an audit or snapshot specification as an audit policy:

  1. Open an existing audit or snapshot specification from the SA Library:
    1. In the navigation pane, select Library > Audit and Remediation > Audits. Select an operating system: Windows, Unix or VMware ESXi. From the content pane, open an audit.
    2. In the navigation pane, open an existing snapshot specification from select Library > Audit and Remediation > SnapshotSpecifications. From the content pane, open a snapshot specification.
  2. After you have configured the audit’s or the snapshot specification’s rules, from the File menu, select Save As.
  3. In the Save As window, enter a name and description.
  4. In the Type list, select Audit Policy.
  5. Click Select.
  6. In the Select Folder window, choose a folder where you want to save the audit policy and then click OK. The audit policy is saved and can be accessed at Library > Audit and Remediation > Audit Policies.