The benchmarks that Oracle Solaris provides might report failures or false positives that do not accurately reflect the compliance of particular systems. For these systems, you can create tailorings, which are inclusions or exclusions of rules, or modifications of rules with variable values, from these benchmarks. Rules with variable values are explicitly marked in the interface. By modifying a variable used in a rule, you can include the rule while providing a more fine-grained expression of your security policy. You can then use these tailorings to assess the security posture of your site.
You create a tailoring by including or excluding rules from a benchmark, profile, or tailoring, then saving the new rule set under a different name. You can create multiple tailorings from a source benchmark and the tailorings are independent of each other. Every tailoring has a unique name.
You can use tailorings to assess the compliance of systems to a few rules or to many rules. You can save a tailoring in a form to be incorporated in an IPS package for installation on many systems. See How to Create a Package Manifest for a Tailoring.
Users who are assigned the Compliance Assessor rights profile can create tailorings and run assessments and reports. For details, see Rights to Run the compliance Command. To create a tailoring, you modify the selection of rules in a benchmark or profile. You do not and cannot modify the rules themselves. Because the source of a tailoring is a particular benchmark, that benchmark must be installed on a system where you run the tailoring.