Oracle Solaris provides three formats for compliance reports and a guide for each benchmark and profile.
After you run an assessment, the assessment directory contains a log file, a report, and a guide that describe your system's compliance with that specific assessment. The assessment directory files contain the following information:
log – In text form, contains the results for every test that was performed for the assessment and its rule ID. The following example shows a sample entry:
    Title   The OS version is current
    Rule    OSC-53005
    Result  pass
report.html – In browser-ready form, contains the results for every test that was performed for the assessment and its rule ID, time the test was run, compliance severity (high, medium, or low), description, and remediation assistance. The following example shows a sample entry:
    Result for Package integrity is verified
    Result: fail
    Rule ID: OSC-54005
    Time: 2014-09-03 13:35
    Severity: high
    Run 'pkg verify' to check that all installed Oracle Solaris software matches the packaging database and that ownership, permissions and content are correct.
    Remediation instructions
    'pkg verify' has produced errors. Rerun the command and evaluate the errors. As appropriate, based on errors found,you should run 'pkg fix <package-fmri>' See the pkg(1) man page.
    Remediation script
    # pkg verify
    followed by
    # pkg fix <package-fmri>
    The following packages showed errors
    pkg://solaris/library/perl-5/sun-solaris-512 ERROR
results.xccdf.xml – Contains the results of every test in the benchmark. In addition to the information that is covered in report.html, the guide contains introductions to the areas that are assessed and references to Oracle Solaris system administration guides.
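The following added example, which is not part of the Oracle documentation, parses a log in the Title/Rule/Result form shown above and lists the rules that did not pass, counting entries that were cut off before their Result. It assumes each field sits on its own line with the keyword first; the sample text, the OSC-00000 entry, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample. Assumption: the log puts each field on its own line,
# keyword first, as in the Title/Rule/Result entry shown on this page.
# The OSC-00000 entry is made up and deliberately lacks a Result line.
SAMPLE_LOG = """\
Title   The OS version is current
Rule    OSC-53005
Result  pass

Title   Constructed truncated entry
Rule    OSC-00000
Title   Package integrity is verified
Rule    OSC-54005
Result  fail
"""

FIELD = re.compile(r"^\s*(Title|Rule|Result)\s+(.*\S)\s*$")

def parse_log(text):
    """Return (entries, incomplete): complete entries as dicts, plus a count
    of entries that ended before all three fields were seen."""
    entries, current, incomplete = [], {}, 0
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank line or anything that is not a known field
        key, value = m.groups()
        if key == "Title" and current:
            incomplete += 1  # previous entry never reached its Result
            current = {}
        current[key] = value
        if len(current) == 3:
            current["Result"] = current["Result"].lower()
            entries.append(current)
            current = {}
    return entries, incomplete + (1 if current else 0)

def not_passed(entries):
    """Rules whose result is anything other than pass, for follow-up."""
    return [(e["Rule"], e["Title"], e["Result"]) for e in entries if e["Result"] != "pass"]

if __name__ == "__main__":
    entries, incomplete = parse_log(SAMPLE_LOG)
    print(dict(Counter(e["Result"] for e in entries)), "incomplete:", incomplete)
    for rule, title, result in not_passed(entries):
        print(f"{result:<6} {rule}  {title}")
```

A nonzero incomplete count means the log was truncated or altered, so the assessment should be rerun before its results are relied on.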
At installation, the compliance package provides guides to the compliance benchmarks and profiles. A guide contains the rationale for each security check and the steps to fix a failed check. Guides can be useful for training and as guidelines for future testing.
The guides that are installed with the compliance package are:
benchmark guide – Contains every test in benchmark. Examples are pci-dss, solaris_pci-dss, and solaris.
benchmark.profile guide – Contains every test in benchmark, plus a table at the end of the guide that lists which tests are selected or not selected for profile. Examples are solaris.baseline and solaris.recommended.
The compliance:generate-guide service creates guides for each security benchmark and profile at installation. If you add a new benchmark or profile, you can create a guide for it.
# compliance guide -a