Sidebar - Profiles
Profiles are groupings of rules that are used to scan systems and enforce their compliance. On startup, the console provides profiles defined by various providers including:
- CIS (Center for Internet Security)
- DISA (Defense Information Systems Agency)
- SSG (SCAP Security Guide)
Each of these providers includes numerous profiles depending on your compliance needs. Any of these profiles can be scanned on any of our various supported platforms, and then enforced either using the console’s built-in enforcement feature, or by using the SIMP Compliance Engine in a Puppet environment.
Scan Profiles
Currently, scan profiles can only be accessed from the Scan dropdown or from the Node Settings/Default Profile selection.
In a future release of the console, a dedicated page will be created to view built-in profiles, create custom ones, and link them to enforcement profiles.
Enforcement Profiles
The enforcement profiles page provides a top-down view of any profile that can be used to enforce settings on a system.
The page is split into 2 sections.
- Default
Profiles located under the default tab are populated the first time the console is loaded and will update any time the console is updated to a newer version.
Note: On first startup of a brand new install, it maye take a few minutes for this list to be fully populated. Simply wait until the loading spinner goes away and the table appears before use.
Each profile is listed as an entry in the datatable. In the case you’d like to take a profile and create a custom one from it. Simply click the copy button on the Actions
column.
The Actions
provides 2 actions to be taken on any default profile.
- Copy: Creates another custom profile based on the contents of this profile.
- Download: Downloads the profile as YAML to be used with SIMP Compliance Engine
This will bring up the new profile drawer. Enter in the relavant information before continuing.
Once created click over to the custom tab to continue.
- Custom
Whenever you copy a default profile, it will appear in this custom tab. The name, version and description provided can be viewed here as well as the name of the user that created the profile.
Note: Currently only admin users can access enforcement profiles. Profiles will be integrated into the RBAC system in a later release.
The Actions
provides 4 actions to be taken on any custom profile.
- Edit: Opens the edit window for easy manipulation of the profile. (See below)
- Copy: Creates another custom profile based on the contents of this profile.
- Download: Downloads the profile as YAML to be used with SIMP Compliance Engine
- Delete: Removes the profile.
Editing a profile By clicking the edit button on a custom profile, the edit window will appear:
This window provides all the details to a profile including its name, description, creation date, and creator, but also the list of rules contained within that profile.
From here rules can be added or removed as a user sees fit.
Rules can be deleted by either clicking the X
to the right of the rule row, or by multi-selecting the rules you don’t want and clicking the Delete Rules
button that will appear.
Rules can be added via the + Add Rules
button.
This modal will provide the ability to add any rule from any other profile. Either all at once or one by one.