Go to main content

Oracle® Solaris 11.4 Compliance Guide

Exit Print View

Updated: August 2021
 
 

How to Select a Non-Default Value for a Rule in a Tailoring

Before You Begin

You must be assigned the Compliance Assessor rights profile to create a tailoring that can be added to the assessment store. For more information, see Rights to Run Compliance Assessments and Reports and Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. Create a tailoring that modifies the value of a rule.
    $ pfbash ; compliance tailor -t tailoring
    *** compliance tailor: Can't get existing tailor "tailoring", initializing
    tailoring:tailoring> set benchmark=benchmark
  2. List the rules in the benchmark or profile that contain variables.
    tailoring:tailoring> values
    OSCV-nnnnn (summary):  value
    OSCV-nnnnn (summary):  value
    ...
    #
  3. Change the value of a rule that contains a variable.
    tailoring:tailoring> include OSC-nnnnn
    tailoring:tailoring> value OSCV-nnnnn=value
  4. Commit your changes and test.
    tailoring:tailoring> commit
    tailoring:tailoring> exit
    $ compliance assess -t tailoring
    Assessment will be named 'tailoring.date'
    Title   Rule title
    Rule    OSC-nnnnn
    Result  pass
Example 8  Creating a Tailoring That Checks for a Password Length of 13
  1. Change the default password length according to site requirements.

    Change the PASSLENGTH value in the /etc/default/passwd file.

    ## /etc/default/passwd file
    ##PASSLENGTH=8
    PASSLENGTH=13
  2. Create a tailoring from the solaris benchmark.

    $ pfbash ;  compliance tailor -t passwdLength13Test
    *** compliance tailor: Can't get existing tailor "passwdLength13Test", initializing
    tailoring:passwdLength13Test> set benchmark=solaris
  3. Display the rules in the solaris benchmark that contain variables and their possible values.

    tailoring:passwdLength13Test> values -v
    OSCV-19500 (gdm service):  _disabled_ /disabled|enabled/
    OSCV-37500 (NFS client service):  _disabled_ /disabled|enabled/
    OSCV-46000 (Minimum Password Length):  6 <= _8_ <= 255 /6|8|14/
    OSCV-47000 (Minimum Password Character Difference):  1 <= _3_ /3/
    OSCV-48000 (Minimum Password Lower-Case Character Count):  0 <= _0_ /0|1/
    OSCV-49000 (Minimum Password Special Character Count):  0 <= _0_ /0|1/

    The output shows that the minimum password length that rule OSC-46000 can check for is 6 and the maximum is 255. The current value is 8.

  4. Set the rule to check for a minimum password length of 13.

    tailoring:passwdLength13Test> include OSC-46000
    tailoring:passwdLength13Test> value OSCV-46000=13
    tailoring:passwdLength13Test> commit
    tailoring:passwdLength13Test> exit
    $
  5. Test the tailoring.

    $ compliance assess -t passwdLength13Test
    Assessment will be named 'passwdLength13Test.2015-10-10,10:10'
    Title   Passwords must be at least 13 characters long
    Rule    OSC-46000
    Result  pass