FixIt

As noted in the previous sections, FixIt changes the settings on the server to match the policy. FixIt is very powerful and we encourage you to carefully review what is going to be fixed – that is, what is out of compliance – prior to running FixIt.

FixIt in Test Mode

Prior to running FixIt we encourage you to determine exactly what is going to be changed. You can do that in one of two ways:

  • Examine the compliance reports to see what is out of compliance. The non-compliant items will be changed to match the policy settings.
  • Take advantage of the Test mode parameter of FixIt. In Test mode no values are changed; instead, the changes that would have been made are logged in the Security Auditor Message Log, where you can review them. To enable or disable Test mode, go to Admin Tasks > Preferences > General and check (or uncheck) FixIt Test mode.

Running FixIt

Several methods are available for running FixIt once it has been configured for a template or category and after a compliance check has been completed. (Don’t forget, a compliance check must be run before FixIt is run!)

  1. Enable FixIt by going into the Properties for the category or individual item. Then click on FixIt.
  2. Run FixIt while viewing the items in the category or go to Servers > FixIt.
  3. Schedule a cron job to run FixIt.

FixIt Restrictions

  • Before running FixIt, you must first run a compliance check to identify the non-compliant items. (FixIt will only run against non-compliant items.)
  • If you create a directory template that begins at the root (‘/’) directory, FixIt will not run against this template. You can work with the objects in the template and run FixIt on an individual object in the template; however, FixIt will not work on the template as a whole. This restriction prevents running FixIt on the entire file system, which could be quite disruptive. You can create a template that starts with a directory lower than the root directory and run FixIt on it.