SERVICE_RUNNING_WF equal to TCRZLSoftwareRunning

REQ_DISABLED not set

SERVICE_DISABLED_WF not set

When you are done editing click Save.

2.According to our security policy outlined in “Security compliance criteria” on page 100 we must add one more policy checking for the status of the Messenger service, which must be disabled. This service is installed by default on any Windows XP workstation, and our corporate security policy requires this service to be disabled. For that purpose we reuse the same collector type as for checking the ZoneAlarm service. However, this time we must specify the SERVICE_REQ, REQ_DISABLED and SERVICE_DISABLED_WF values. The sample policy we have imported does not include any check for the messenger service, so we must add this check.

In the Tivoli Security Compliance Manager Administrator Console on the Policies view expand the IISSCN_TCM_v2.00_winXP policy and right-click the ZoneAlarm Firewall Active compliance query, as shown in Figure 6-46.Then click Copy compliance query from the pop-up menu.

Figure 6-46 Copying an existing compliance query

Chapter 6. Compliance subsystem implementation

179

Page 197
Image 197
IBM Tivoli and Cisco manual 179, Copying an existing compliance query