Introduction¶
This chapter will walk a user through the process of installing the SIMP server in a SIMP system. A SIMP system is one that includes, at a minimum, a SIMP server with properly configured networking information and a working Puppet server. Optionally, a SIMP system can also include one or more managed clients. The topics related to client management are covered in SIMP User Guide.
Warning
There are default passwords present on the system that should be changed prior to deploying the system.
Please make sure that you change these passwords!
For a list of the passwords, see SIMP Default Passwords and Settings
Level of Knowledge¶
SIMP is designed for use by system administrators or users with a strong background using Linux operating systems. The core applications that make up SIMP and require prerequisite knowledge are:
- Puppet - 3.7 or later
- Domain Name System (DNS) - BIND 9
- Dynamic Host Configuration Protocol (DHCP) - Internet Systems Consortium (ISC) DHCP
- Lightweight Directory Access Protocol (LDAP) - OpenLDAP
- RedHat Kickstart (including all tools behind it) - Trivial File Transfer Protocol (TFTP), PXELinux, etc.
- Apache
- Yellowdog Updater, Modified (YUM)
- Rsyslog Version 3+
- Internet Protocol Tables (IPtables) (Basic knowledge of the rules)
- Auditd (Basic knowledge of how the daemon works)
- Advanced Intrusion Detection Environment (AIDE) (Basic knowledge of the rules)
- Basic X.509-based PKI Key Management
SIMP does as much initial setup and configuration of these tools as possible. However, without at least some understanding, you will be unable to tailor a SIMP system to fit the desired environment. A general understanding of how to control and manipulate these tools from the command line interface (CLI) will be necessary, as SIMP does not come stock with a graphical user interface (GUI).
Knowledge of scripting and Ruby programming will also help to further customize a SIMP install but is not required for routine use.
SIMP Defined¶
The System Integrity Management Platform (SIMP) is a framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure.
Expanding upon this philosophy, SIMP also aims to take care of routine policy compliance to include NIST 800-53, FIPS 140-2, the DISA STIG, and the SCAP Security Guides.
By using the Puppet automation stack, SIMP is working toward the concept of a self-healing infrastructure that, when used with a consistent configuration management process, will allow users to have confidence that their systems not only start in compliance but remain in compliance over time.
Finally, SIMP has a goal of remaining flexible enough to properly maintain your operational infrastructure. To this end, where possible, the SIMP components are written to allow all security-related capabilities to be easily adjusted to meet the needs of individual applications.