Go to main content

Oracle® Solaris 11.4 Compliance Guide

Exit Print View

Updated: August 2021
 
 

Compliance Reports and Guides

Oracle Solaris provides three report formats for compliance assessments and a guide for each benchmark and profile.

Assessment Report Formats

    After you have run an assessment, the assessment directory contains a log file, a report, and a guide of your system's compliance to that specific assessment. The assessment directory files contain the following information:

  • log – In text form, contains the results for every test that was performed for the assessment and its rule ID. The following example shows a sample entry:

    Title   The OS version is current
    Rule    OSC-53005
    Result  pass
  • report.html – In browser-ready form, contains the results for every test that was performed for the assessment and its rule ID, time the test was run, compliance severity (high, medium, or low), description, and remediation assistance. The following example shows a sample entry:

        Result for Package integrity is verified
        Result: fail
        Rule ID: OSC-54005
        Time: 2016-09-07
          07:07
        Severity: high
          Run 'pkg verify' to check that all installed Oracle Solaris software matches
          the packaging database and that ownership, permissions and content are correct.
    
         Remediation instructions
          'pkg verify' has produced errors. Rerun the command and evaluate the errors. 
           As appropriate, based on errors found,you should run 'pkg fix <package-fmri>'
           See the pkg(1) man page.
    
        Remediation script                      
        # pkg verify
        followed by
        # pkg fix <package-fmri>
    
    The following packages showed errors
        pkg:/library/perl-5@0.nn-11.4.n.n.n.n.n          ERROR
  • results.xccdf.xml – Contains the results of every test in the benchmark. In addition to the information that is covered in report.html, the guide contains introductions to the areas that are assessed and references to Oracle Solaris system administration guides.

Oracle Solaris Compliance Guides

At installation, the compliance package provides guides to the compliance benchmarks and profiles. A guide contains the rationale for each security check and the steps to fix a failed check. Guides can be useful for training and as guidelines for future testing.

    The guides that are installed with the compliance package are:

  • benchmark guide – Contains every test in benchmark. Examples are pci-dss, solaris_pci-dss, solaris, and ehc.

  • benchmark.profile guide – Contains every test in benchmark, plus a table at the end of the guide that lists which tests are selected or not selected for profile. Examples are solaris.baseline and solaris.recommended.

New Guides for New Benchmarks

The compliance:generate-guide service creates guides for each security benchmark and profile at installation. If you add a new benchmark or profile, you can create a guide for it. The following command creates guides for all installed benchmarks and profiles:

$ pfexec compliance guide -a