Oracle® Solaris 11.3 Security Compliance Guide

Updated: March 2018
 
 

How to Update Tailorings Based on Previous Benchmark Versions

After you update Oracle Solaris, you might discover that a tailoring is outdated because it is based on a previous benchmark version. This procedure shows how to update or delete the tailoring.

Before You Begin

You must be assigned the Compliance Assessor rights profile.

  1. Run an assessment by using the tailoring.
    $ pfexec compliance assess -t tailoring
    WARNING: version mismatch between tailoring 'tailoring'(1.nnnn) and 
    benchmark 'solaris'(1.higher-nnnn), assessment test selections may not be as expected
  2. Review the report.

    If the results are what you expect, then you can update the tailoring to the current benchmark or profile version. If the results do not accurately report the compliance of the system, you can modify the tailoring or create a new one.

  3. View the contents of the tailoring.
    $ pfexec compliance tailor -t tailoring
    *** compliance tailor: WARNING: version mismatch between tailoring 'tailoring'(1.nnnn) and 
    benchmark 'solaris'(1.higher-nnnn), assessment test selections may not be as expected
    tailoring:basic> export
    ...
  4. (Optional) To delete the tailoring, type delete in the interactive interface and confirm the deletion.
    tailoring:basic> delete
    OK to delete tailoring 'basic' (y/N)? y
    $
  5. If needed, modify the tailoring to create the correct assessment.
    tailoring:basic> exclude OSC-nnnnn
    tailoring:basic> include OSC-nnnnn
    ...
    tailoring:basic> export
    tailoring:basic> commit
    tailoring:basic> exit

    For a different update method, see Example 4, Updating a Tailoring From an Export File.

  6. Verify that your assessment runs without error.
    $ pfexec compliance assess -t tailoring
    Assessment will be named 'tailoring.YYYY-MM-DD,HH:MM'

Example 4  Updating a Tailoring From an Export File

The administrator imports the outdated tailoring to verify that its output is accurate.

  1. Using the pfexec compliance tailor command, the administrator opens the tailoring and exports it to a file.

    $ pfexec compliance tailor -t myTailoring
    *** compliance tailor: WARNING: version mismatch between tailoring 'myTailoring'(1.1234) and 
    benchmark 'solaris'(1.2345), assessment test selections may not be as expected
    tailoring:myTailoring> export -o myTailoring1.txt
    tailoring:myTailoring> exit
  2. The administrator edits the export file to rename the tailoring.

    $ pfedit myTailoring1.txt
    set tailoring=myTailoring1
  3. The administrator imports the modified exported rule set.

    $ pfexec compliance tailor -f myTailoring1.txt
    tailoring:myTailoring1> commit
    tailoring:myTailoring1> exit
  4. The administrator verifies that the new tailoring performs the same job as the original tailoring.

    $ pfexec compliance assess -t myTailoring1
    ...
  5. The administrator deletes the outdated tailoring.

    $ pfexec compliance tailor -t myTailoring
    tailoring:myTailoring> delete
    OK to delete tailoring 'myTailoring' (y/N)? y
    $

Troubleshooting

If you are denied permission to update or delete the tailoring, either assume the root role, or if you have the Compliance Assessor rights profile, precede the compliance tailor command with pfexec.