You can discover that you have an outdated tailoring after updating Oracle Solaris. This procedure shows how to update or delete the tailoring.
Before You Begin
You must be assigned the Compliance Assessor rights profile.
$ pfexec compliance assess -t tailoring WARNING: version mismatch between tailoring 'tailoring'(1.nnnn) and benchmark 'solaris'(1.higher-nnnn), assessment test selections may not be as expected
If the results are what you expect, then you can update the tailoring to the current benchmark or profile version. If the results do not accurately report the compliance of the system, you can modify the tailoring or create a new one.
$ pfexec compliance tailor -t tailoring *** compliance tailor: WARNING: version mismatch between tailoring 'tailoring'(1.nnnn) and benchmark 'solaris'(1.higher-nnnn), assessment test selections may not be as expected tailoring:basic> export ...
tailoring:basic> delete OK to delete tailoring 'basic' (y/N)? y $
tailoring:basic> exclude OSC-nnnnn tailoring:basic> include OSC-nnnnn ... tailoring:basic> export tailoring:basic> commit tailoring:basic> exit
For a different update method, see Example 4, Updating a Tailoring From an Export File.
$ pfexec compliance assess -t tailoring Assessment will be named 'tailoring.YYYY-MM-DD,HH:MM
The administrator imports the outdated tailoring to verify that its output is accurate.
Using the pfexec compliance tailor command, the administrator opens the tailoring and exports it to a file.
$ pfexec compliance tailor -t myTailoring *** compliance tailor: WARNING: version mismatch between tailoring 'myTailoring'(1.1234) and benchmark 'solaris'(1.2345), assessment test selections may not be as expected tailoring:myTailoring> export -o myTailoring1.txt tailoring:myTailoring> exit
The administrator edits the export file to rename the tailoring.
$ pfedit myTailoring1.txt set tailoring=myTailoring1
The administrator imports the modified exported rule set.
$ pfexec compliance tailor -f myTailoring1.txt tailoring:myTailoring1> commit tailoring:myTailoring1> exit
The administrator verifies that the new tailoring performs the same job as the original tailoring.
$ pfexec compliance assess -t myTailoring1 ...
The administrator deletes the outdated tailoring.
$ pfexec compliance tailor -t myTailoring tailoring:myTailoring> delete OK to delete tailoring 'myTailoring' (y/N)? y $
Troubleshooting
If you are denied permission to update or delete the tailoring, either assume the root role, or if you have the Compliance Assessor rights profile, precede the compliance tailor command with pfexec.