Go to main content

Oracle® Solaris 11.3 Security Compliance Guide

Exit Print View

Updated: March 2018
 
 

How to Export a Tailoring

Exporting a tailoring lets you examine it for completeness. The export file contains comments that describe the rules that are included and excluded. You can use this file to import the tailoring on a different system for further testing. The directory to which you export the tailoring must be writable by you.

You can also use the export command to create a file for an IPS package of your tailoring. See How to Create a Package Manifest for a Tailoring.

  1. Load and export the tailoring.

    The –o option specifies the file name. In this example, the administrator uses the txt file extension to indicate that the file is in plain text.

    $ pfexec compliance tailor
tailoring>list
basic
testg
tailoring>load basic
tailoring:basic> export -o /home/jdoe/basic.tailor.txt
  2. When the new tailoring is ready for production, export it in XML format by using the –x option.

    In this example, the administrator uses the xccdf.xml file extension to indicate that the file is in the required format for an IPS package.

    $ pfexec compliance tailor -t basic
tailoring:basic> export -x -o /home/jdoe/basic.xccdf.xml
tailoring:basic> exit
Example 5  Creating a Kerberos Tailoring From the Recommended Profile

In this example, the administrator creates a tailoring that includes Kerberos compliance rules. The administrator sets the source benchmark and profile and creates a tailoring from the profile plus rules that apply to Kerberos. The export command shows the effects of the rule inclusions and exclusions.

$ pfexec compliance tailor -t RKerberos
tailoring:RKerberos>set benchmark=solaris
tailoring:RKerberos>set profile=Recommended
tailoring:RKerberos>exclude OSC-28010
tailoring:RKerberos>exclude OSC-30510
tailoring:RKerberos>exclude OSC-31010
tailoring:RKerberos>exclude OSC-31510
tailoring:RKerberos>exclude OSC-63005
tailoring:RKerberos>include OSC-02511
tailoring:RKerberos>commit
tailoring:RKerberos>export
set tailoring=RKerberos
# version=2015-10-10T20:20:20.000+00:00
set benchmark=solaris
set profile=Recommended
# OSC-28010: Service svc:/network/security/kadmin is disabled or not installed
exclude OSC-28010
# OSC-30510: Service svc:/network/security/krb5_prop is disabled or not installed
exclude OSC-30510
# OSC-31010: Service svc:/network/security/krb5kdc is disabled or not installed
exclude OSC-31010
# OSC-31510: Service svc:/network/shell:kshell is disabled or not installed
exclude OSC-31510
# OSC-62511: Service svc:/network/rpc/gss is enabled
include OSC-62511
# OSC-63005: Service svc:/network/rpc/gss is enabled if and only if Kerberos is configured
exclude OSC-63005
Copyright © 2002, 2018, Oracle and/or its affiliates. All rights reserved. 
Previous
Next