Welcome to the SIMP documentation!¶
This is the documentation for the 6.5.0-1 release of SIMP, which is compatible with CentOS and Red Hat Enterprise Linux (RHEL). This guide will walk a user through the process of installing and managing a SIMP system. It also provides a mapping of security features to security requirements, which can be used to document a system’s security conformance.
Be EXTREMELY CAREFUL when performing copy/paste operations from this document!
Different web browsers and operating systems may substitute incompatible quotes and/or line endings in your files.
The System Integrity Management Platform (SIMP) is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure.
By using the Puppet automation stack, SIMP is working toward the concept of a self-healing infrastructure that, when used with a consistent configuration management process, will allow users to have confidence that their systems not only start in compliance but remain in compliance over time.
Finally, SIMP has a goal of remaining flexible enough to properly maintain your operational infrastructure. To this end, where possible, the SIMP components are written to allow all security-related capabilities to be easily adjusted to meet the needs of individual applications.
Level of Knowledge¶
SIMP is designed for use by system administrators/users with a strong background in Linux operating systems. The core technologies that require prerequisite knowledge are:
- Puppet - 5.5 or later
- Domain Name System (DNS) - BIND 9
- Dynamic Host Configuration Protocol (DHCP) - Internet Systems Consortium (ISC) DHCP
- Lightweight Directory Access Protocol (LDAP) - OpenLDAP
- RedHat Kickstart, including all technologies involved: Trivial File Transfer Protocol (TFTP), PXE, PXELinux, etc.
- The Apache HTTP Server
- The Yellowdog Updater, Modified (YUM) package manager
- Rsyslog 8+
- IPTables (Internet Protocol Tables)/Firewalld, basic knowledge of the rules
- Auditd, Basic knowledge of how the daemon works
- Advanced Intrusion Detection Environment (AIDE), basic knowledge of the rules
- Basic X.509-based PKI Key Management
SIMP handles as much of the initial setup and management of these tools as possible However, you will need at least some understanding of them in order to tailor a SIMP system to fit the desired environment. You will also need a general understanding of how to control and manipulate these tools from the command line interface (CLI); SIMP does not provide a graphical user interface (GUI).
Knowledge of scripting and Ruby programming will also help to further customize a SIMP install but is not required for routine use.
- 1. Quick Start
- 2. Changelogs
- 3. Getting Started
- 4. User Guide
- 5. HOWTO
- 6. FAQ
- 6.1. SIMP Version Guide
- 6.2. What is the Password Complexity for SIMP?
- 6.3. Enabling
- 6.4. Meltdown and Spectre
- 6.5. Why aren’t audit logs being forwarded to syslog?
- 6.6. Why Does Logrotate Complain About Repeated Configuration Settings
- 6.7. Omni-Environment Already Exists Error
- 6.8. Puppet-Related Issues
- 6.9. Why does SIMP use rsync?
- 6.10. Recovering from SELINUX policy failures
- 6.11. YUM Repo Issues
- 7. Contributing to SIMP
- 8. Security Concept of Operations
- 9. Security Control Mapping
- 10. Vulnerability Supplement
- 11. Help
- 12. License
- 13. Contact
- 14. Glossary of Terms