Most SCM content runs on all supported configurations of Tivoli Endpoint Manager. However, some content requires a specific minimum version of the Tivoli Endpoint Manager client (for instance the Unix content that uses the in-line parameterization model requires a version 8.1.551.0 client on all endpoints). See the SCM Checklists page for current supported configurations information.

 

The common steps for deploying SCM Unix content are:

 

  1. Ensure you have enabled the SCM Reporting content site and you have enabled the SCM sites you want to deploy.
  2. Do not subscribe computers to the external sites. Instead, content should be copied to a custom site using the "Create Custom Checklist Wizard".
  3. Once the content is copied to the custom site

    1. Remove any undesired checks and analyses.
    2. Deactivate all analyses except those for which you desire measured values reports. This will reduce the amount of time that the client takes to complete a full evaluation cycle and will also reduce unnecessary network traffic between the endpoints, relays and server.
    3. Set the computer subscriptions for the site, taking care to use appropriate selection criteria for the particular site.
  4. To deploy:
  5. Use the "Configure Filesystem Scan Options" fixlet to control which file systems and directories are included and excluded in a given scan. Note that on older and larger systems a scan can take significant time to complete, so care should be taken to only include what you need for your security policy.
  6. Optionally change the current values by using the check parameterization forms available on the Description tab of applicable fixlets.
  7. Execute the "Deploy and Run Security Checklist" task. This task enacts your parameter changes and executes a scan of the targeted endpoints using the current parameters contained in each fixlet and the settings defined in the "Configure Filesystem Scan Options" fixlet.

 

Once this task has completed, and the client has completed its evaluation loop, compliance results will be visible in the TEM console and Security and Compliance Analytics will reflect the latest pass/fail state, desired values, and measured values upon the next import.