Oracle® Solaris 11.4 Compliance Guide

Updated: August 2021
 
 

About Remote Assessment Features

    The following parameters can be set for local and remote assessments.

  • Default policy – The policy that is assessed when no benchmark, profile, or tailoring is passed to the compliance assess command. For examples of listing and setting policy, see How to Schedule a Regular Assessment of a System Using Its Default Policy.

  • Metadata – Identifiers that are available or that you add to an assessment.

    Metadata or matches are system-defined and user-defined keys and values for tagging assessments. You can use the system keys to select assessments, and you can create your own keys and values with which to tag and select assessments. The selection mechanism supports general boolean expressions on the keys and supports selections based on time ranges. For examples, see Tagging Assessments With Metadata and Using Metadata to Manage Assessments.

  • Assessment name – The following list illustrates the naming conventions.

            basic.2016-12-29,11:11
            basic
                UUID: d0deea3e-3e56-11e6-978b-9f0b610d6a70
                UUID: c9d9c748-3e58-11e6-978d-9f0b610d6a70
            default.2016-12-29,11:15
            roster1.2016-12-29,11:10

    • The first name is from running a tailoring named basic.

    • The UUID names are from the basic tailoring when the names of two assessments would be identical. Typically, names are identical when the time stamps are identical.

    • The third name is from running an assessment when no argument is passed to the compliance assess command.

    • The final name is from running a roster named roster1.

    The default naming convention is usually sufficient. See Example 1, Listing All Benchmarks, Profiles, Assessments, and Reports.

  • Where the assessment is stored – The storage can be local or remote. The default is local storage, but the -s RAD-URI option specifies a RAD-URI storage location. For examples, see Using a Common Store for Compliance Assessments.

  • Where policy is listed or set, features are listed or set, or an assessment is run – The operation can be local or remote. The default is a local operation, but with the -N RAD-URI option, the specified RAD-URI can be a remote node. For examples of listing and setting features remotely, see How to Schedule a Regular Assessment of a System Using Its Default Policy.

Assessments can also be run asynchronously from a roster. A roster is a list of remote systems and their assessment parameters that you create to pass to the compliance assess command. For examples, see Running Multiple Remote Assessments and the compliance-roster(8) man page.

About Running Assessments Remotely

To remotely get or set policy, get or set the features of a remote assessment, or run or store an assessment or roster, you must configure authentication between the local node and the remote node. The authentication must use a non-interactive ssh version of the RAD URI. Specifically, the ssh connection cannot prompt for a password. For instructions, see Configuring Administrators to Run Remote Compliance Commands.
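
A pre-flight check for the requirement above, as an added example rather than Oracle's code: it confirms that ssh to each RAD URI succeeds with prompting disabled before an assessment is launched. It assumes RAD URIs of the form ssh://[user@]host; the function names and the example.com host are hypothetical.

```shell
#!/bin/sh
# Added example: verify that ssh to a RAD URI never prompts.
# Assumption: RAD URIs look like ssh://[user@]host (no port, no IPv6 literal).

# rad_ssh_target URI
# Prints the "[user@]host" part of an ssh:// RAD URI; returns 1 for anything else.
rad_ssh_target() {
    case $1 in
        ssh://?*) target=${1#ssh://} ;;
        *) return 1 ;;
    esac
    target=${target%%/*}    # drop a trailing path, if any
    case $target in
        # Refuse empty targets, targets ssh would read as an option,
        # and any character outside a plain user@host name.
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    printf '%s\n' "$target"
}

# ssh_is_noninteractive TARGET
# Returns 0 only if ssh can log in and run a command without any prompt.
# BatchMode=yes makes ssh fail instead of asking for a password or key
# passphrase; an unconfirmed host key also fails, because confirming it
# would be a prompt.
ssh_is_noninteractive() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 "$1" true \
        </dev/null >/dev/null 2>&1
}

# preflight URI...
# Returns 0 when every URI is usable unattended, 1 when ssh would prompt
# or fail, 2 when a URI is not in the assumed ssh:// form.
preflight() {
    for uri in "$@"; do
        t=$(rad_ssh_target "$uri") ||
            { echo "not an ssh RAD URI: $uri" >&2; return 2; }
        ssh_is_noninteractive "$t" ||
            { echo "ssh to $t would prompt or fail" >&2; return 1; }
    done
}

# Usage (placeholder host):
#   preflight ssh://auditor@node1.example.com &&
#       compliance assess -N ssh://auditor@node1.example.com
```

A failure here means key-based login or the host key still needs to be set up for that account before scheduled or roster-driven assessments can run unattended.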

The compliance_mgr RAD module provides programmatic access to the assessment store to create and delete, store and retrieve assessment contents, and to retrieve the assessment metadata. For syntax information, see the compliance(8) man page.

About Sending Assessments to a Common Store

After completing Configuring Administrators to Run Remote Compliance Commands, you can use the -s RAD-URI option to send assessments immediately or copy assessments later to a common store.

  • The compliance assess command sends the assessment immediately to a common store.

  • The compliance store command copies existing compliance assessments to a common store.

If the -s RAD-URI option is omitted, the assessment is stored on the same node where the assessment runs.