Exporting a tailoring lets you examine it for completeness. The export file contains comments that describe the rules that are included and excluded. You can use this file to import the tailoring on a different system for further testing. The directory to which you export the tailoring must be writable by you.
You can also use the export command to create a file for an IPS package of your tailoring. See How to Create a Package Manifest for a Tailoring.
The –o option specifies the file name. In this example, the administrator uses the txt file extension to indicate that the file is in plain text.
$ pfexec compliance tailor tailoring>list basic testg tailoring>load basic tailoring:basic> export -o /home/jdoe/basic.tailor.txt
In this example, the administrator uses the xccdf.xml file extension to indicate that the file is in the required format for an IPS package.
$ pfexec compliance tailor -t basic tailoring:basic> export -x -o /home/jdoe/basic.xccdf.xml tailoring:basic> exit
In this example, the administrator creates a tailoring that includes Kerberos compliance rules. The administrator sets the source benchmark and profile and creates a tailoring from the profile plus rules that apply to Kerberos. The export command shows the effects of the rule inclusions and exclusions.
$ pfexec compliance tailor -t RKerberos tailoring:RKerberos>set benchmark=solaris tailoring:RKerberos>set profile=Recommended tailoring:RKerberos>exclude OSC-28010 tailoring:RKerberos>exclude OSC-30510 tailoring:RKerberos>exclude OSC-31010 tailoring:RKerberos>exclude OSC-31510 tailoring:RKerberos>exclude OSC-63005 tailoring:RKerberos>include OSC-02511 tailoring:RKerberos>commit tailoring:RKerberos>export set tailoring=RKerberos # version=2015-10-10T20:20:20.000+00:00 set benchmark=solaris set profile=Recommended # OSC-28010: Service svc:/network/security/kadmin is disabled or not installed exclude OSC-28010 # OSC-30510: Service svc:/network/security/krb5_prop is disabled or not installed exclude OSC-30510 # OSC-31010: Service svc:/network/security/krb5kdc is disabled or not installed exclude OSC-31010 # OSC-31510: Service svc:/network/shell:kshell is disabled or not installed exclude OSC-31510 # OSC-62511: Service svc:/network/rpc/gss is enabled include OSC-62511 # OSC-63005: Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured exclude OSC-63005