Click on the New button to open the CAS Template Set Definition panel.
Enter a unique name for the Template Set name.
From the drop down list select OS Type.
From the drop down list select DB Type. If the template set will be an operating system only template, select n/a (System) as the DB Type.
Click on the Apply button to save the CAS Template Set Definition.
To add items to the new template set, see Adding or Modifying Items in a CAS Template Set.
Access to CAS Configuration Functions, by default, is restricted to the admin user and to users who have been assigned the CAS role.
Click on the Assess/Harden tab.
You will be taken to another panel where a new lower set of tabs will be displayed for the Assess/Harden process flow.
Click on the Config. Change Control tab.
A process flow for CAS will be displayed.
The CAS Configuration Navigator panel is the starting point for creating or modifying CAS Template Sets.
To open the CAS Configuration Navigator panel:
Open the CAS panel.
See Finding the Guardium CAS panel for assistance.
Select Configure CAS templates or CAS template set config.
Use the CAS Template Set Definition panel to modify an existing CAS template set. Once a template set is in use on any CAS host, the modifications that you can make to that template set are limited. You will be able to make minor changes to various elements of the definition, but you will not be able to add or remove templates.
Use the List Filtering drop down lists for OS Type or DB Type to aid in filtering the template set list and finding the template set you would like to modify.
Highlight the Template Set you wish to modify and click on the Modify button to open the CAS Template Set Definition panel.
You can modify the unique name for the Template Set name.
To add items to the template set, see Define a CAS Template Set Item
Click on the Apply button to save the CAS Template Set Definition
Click on the Done button to return to CAS Configuration Navigator
Use the List Filtering drop down lists for OS Type or DB Type to aid in filtering the template set list and finding the template set you would like to modify.
Highlight the Template Set you wish to modify and click on the Clone button to open the CAS Template Set Definition panel.
Once cloned, use the CAS Configuration Navigator to find the new template set
Highlight the cloned template set and see Modify an Existing Template Set
Use the List Filtering drop down lists for OS Type or DB Type to aid in filtering the template set list and finding the template set you would like to modify.
Highlight the Template Set you wish to modify and click on the Modify button to open the CAS Template Set Definition panel.
Click on the Delete Set to delete the template set
Once a template set is in use on any CAS host, the modifications that you can make to that template set are limited. You will be able to make minor changes to various elements of the definition, but you will not be able to add or remove templates.
Use the List Filtering drop down lists for OS Type or DB Type to aid in filtering the template set list and finding the template set you would like to modify.
Highlight the Template Set you wish to modify and click on the Modify button to open the CAS Template Set Definition panel.
Click on the Add To Set button to create a new item
Note: If the Add to Set button is disabled, it’s because t the template set has been used in a host configuration, and cannot be added to at this point.
See CAS Item Template Definition Panel for further information
Use the List Filtering drop down lists for OS Type or DB Type to aid in filtering the template set list and finding the template set you would like to modify.
Highlight the Template Set you wish to modify and click on the Modify button to open the CAS Template Set Definition panel.
Click on the Edit icon button to the left of the item
See CAS Item Template Definition Panel for further information
Click on the Save button to save any changes
Use the List Filtering drop down lists for OS Type or DB Type to aid in filtering the template set list and finding the template set you would like to modify.
Highlight the Template Set you wish to modify and click on the Modify button to open the CAS Template Set Definition panel.
Click on the Edit icon button to the left of the item
Click on the Delete Item to delete this template set item
The following table describes the components in the CAS Item Template Definition panel and also columns that show up within the CAS Configuration Navigator. The Template Definition Panel is displayed when a new template item is being added through the Add To Set button or Edit Icon is clicked from the CAS Template Set Definition panel.
|
Component |
Description |
|
Enabled |
Indicates whether or not the item will be checked for changes. It is marked by default. |
|
Template Set name |
The name of the template set. This box is disabled for the Guardium preconfigured default template sets, which can not be renamed. We recommend that you do not begin a template set name with the word Guardium, so that you do not confuse your template set with the Guardium preconfigured default template sets. |
|
OS Type |
The operating system type: Windows or Unix. You can change this selection when the template set is empty, but you cannot change it if the template set contains one or more items. |
|
DB Type |
The database type: Oracle, MS-Sql, DB2, Sybase, or Informix; or N/A for an operating system template set. You can change this selection when the template set is empty but you cannot change it if the template set contains one or more items. |
|
Description |
An optional name for the item used in reports and to identify the item in other CAS panels (the CAS Template Set Definition for example). If omitted, the item name defaults to the file name or pattern, variable name, or script as appropriate for the Type |
|
Type |
OS Script or SQL Script: The actual text or the path to an operating system or SQL script, whose output will be compared with the output produced the next time it runs Environment Variable or Registry Variable: An environment variable or a (Windows) registry variable File or File Pattern: A specific file or a pattern to identify a set of files Note: If being used with CAS-based assessment tests this must be of type OS Script. |
|
Script content |
Depending on the type selected, this box is labeled as shown to the left and contains the OS or SQL script, environment or registry variable, a file name, or a file name pattern. Enter the script, variable name, file name, or file pattern as appropriate for this type. Typical wild card variables are allowed for file names, and patterns. To traverse the directory hierarchy, the convention is to use "..” (double dot) to indicate CAS to go all the way down in the directories hierarchy. For example: Monitor files ending with ’*so’ in the /home/oracle/bin/ directory and in all of the subdirectories you could use the following /home/oracle/bin/../.*so |
|
Permission Limit |
For File and File Pattern Type only. Used for Unix only - the permissions that this file should not exceed |
|
File Owner |
For File and File Pattern Type only. The owner of the file(s). |
|
File Group |
For File and File Pattern Type only. The group owner of the file(s). |
|
Period |
The average interval between tests, specified as a number of seconds(s), minutes(m), hours(h), or days(d). Data becomes available after the initial period is realized and up to and before the next period begins. |
|
Keep Data |
If marked a copy of the actual data is saved with each change. For example, for a file item, a copy of the file is saved. If marked but the size of the raw data for the item is greater than the Raw Data Limit configured for this CAS host, no data will be saved |
|
Use MD5 |
Indicates whether or not the comparison is done by calculating a checksum using the MD5 algorithm and comparing that value with the value calculated the last time the item was checked. The default is to not use MD5. If MD5 is used but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison will be skipped. Regardless of whether or not MD5 is used, both the current value of the last modified timestamp for the item and the size of the item are compared with the values saved the last time the item was checked. |