Go to main content

Oracle® Solaris 11.4 Compliance Guide

Exit Print View

Updated: August 2021
 
 

Using Metadata to Manage Assessments

The compliance assess -m matches command enables you to run an assessment with tags that you specify. You can later use these tags to select, list, and delete similarly-tagged assessments. For more information, see the Match Parameters section of the compliance(8) man page. The remote administration daemon (RAD) can retrieve metadata from assessments that are stored remotely.

Example 26  Managing Assessments by System Tags

    System tags are attached to all assessments. In these examples, the administrator uses system metadata to identify and manage similar assessments.

  • This command finds all assessments from the month of September 2016. The output shows the UUID and the name of the assessment.

    $ compliance list -a -m 'Timestamp>2016-08-31 & Timestamp<2016-10-01'
            471761d4-2c39-11e6-bb5e-39c6d85e0d3a
                    Name=passwdLength13Test.2016-09-07,17:57
            069cab5c-2c3c-11e6-bb60-39c6d85e0d3a
                    Name=passwdLength13Test.2016-09-17,17:17
  • This command finds all assessments later than the month of August 2016 on the 192.0.2.122 remote system.

    $ compliance list -a -m 'Timestamp>2016-08-31' -N test1@192.0.2.122
  • This command finds all assessments that share two tag values on a remote system.

    $ compliance list -a -m 'Timestamp>2016-08-31 & Architecture=sun4v' \
      -N test1@192.0.2.122
  • This command finds all assessments from the basic tailoring.

    $ compliance list -am Tailoring=basic
            282356e8-3986-11e6-9c1e-c3e78f99d41d
                    Name=HereBASIC
            3989813e-3e39-11e6-9c22-c3e78f99d41d
                    Name=basicRemote2
            d0deea3e-3e56-11e6-978b-9f0b610d6a70
                    Name=basicRemote1
            5f0038da-3e58-11e6-978c-9f0b610d6a70
                    Name=basic.2016-09-07,17:27
            c9d9c748-3e58-11e6-978d-9f0b610d6a70
                    Name=basic.Remote1
  • This series of commands finds all assessments that begin with example, copies them, lists the remote copies, then deletes the original assessments on the local system.

    $ compliance list -a -m "Name>example & Name<f"
            33333333-4ea1-11e6-9691-fbfbfbfbfbfb
                    Name=example-roster.2016-09-07,10:41
            11111111-4ea2-11e6-9692-abababababab
                    Name=example-roster.2016-09-07,10:47
            22222222-4ea3-11e6-9693-dededededede
                    Name=example-roster.2016-09-07,10:55'
    
    $ pfexec compliance store -s mysparc -m "Name>example & Name<f"
    
    $ compliance list -N mysparc -m "Name>example & Name<f"
    Benchmarks:
            pci-dss
            solaris
    Assessments:
            33333333-4ea1-11e6-9691-fbfbfbfbfbfb
                    Name=example-roster.2016-09-07,10:41
            11111111-4ea2-11e6-9692-abababababab
                    Name=example-roster.2016-09-07,10:47
            22222222-4ea3-11e6-9693-dededededede
                    Name=example-roster.2016-09-07,10:55
    
    $ pfexec compliance delete -n -m "Name>example & Name<f"
    would delete assessment UUID=33333333-4ea1-11e6-9691-fbfbfbfbfbfb, Name=example-roster.2016-09-07,10:41
    would delete assessment UUID=11111111-4ea2-11e6-9692-abababababab, Name=example-roster.2016-09-07,10:47
    would delete assessment UUID=22222222-4ea3-11e6-9693-dededededede, Name=example-roster.2016-09-07,10:55
    
    $ pfexec compliance delete -m "Name>example & Name<f"
Example 27  Deleting Assessments by Metadata

In these examples, the administrator deletes assessments based on their metadata.

  • This command finds all assessments that were run on SPARC systems, deletes them, and verifies the deletion.

    $ compliance list -am Architecture=sun4v
            62622916-2dc8-11e6-9c14-c3e78f99d41d
                    Name=basic.2016-07-07,15:28
            87846452-2e90-11e6-9c15-c3e78f99d41d
                    Name=basic.2016-07-09,15:21
            abc11504-2e90-11e6-9c16-c3e78f99d41d
                    Name=basic.2016-07-09,15:22
    
    $ pfexec compliance delete -am Architecture=sun4v
    $ compliance list -am Architecture=sun4v
    $
  • This command finds all assessments whose name begins with default and then deletes them.

    $ compliance list -am "Name>default & Name<defaulu"
            94f67aae-3a24-11e6-bb79-39c6d85e0d3a
                    Name=default.2016-09-07,08:59
            8142085e-52be-11e6-905f-753ff3457658
                    Name=default.2016-09-25,16:21
    
    $ pfexec compliance delete -am "Name>default & Name<default"
Example 28  Copying Assessments by Metadata

In this example, the administrator copies assessments that were run on SPARC systems and copies them to a common store. The assessments are now in two locations, the local system and the common store.

$ compliance list -am Architecture=sun4v
        62622916-2dc8-11e6-9c14-c3e78f99d41d
                Name=basic.2016-07-07,15:28
        87846452-2e90-11e6-9c15-c3e78f99d41d
                Name=basic.2016-07-09,15:21
        abc11504-2e90-11e6-9c16-c3e78f99d41d
                Name=basic.2016-07-09,15:22

$ pfexec compliance store -N mycommonstore -am Architecture=sun4v