Before You Begin
You must be assigned the Compliance Assessor rights profile to create a tailoring that can be added to the system store. For more information, see Rights to Run the compliance Command and Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
The following command sets options on the command line and opens the pick screen.
$ pfexec compliance tailor -t basic *** compliance tailor: Can't get existing tailor "basic", initializing tailoring:basic> set benchmark=solaris tailoring:basic> exclude -a tailoring:basic> pick
where
basic is the name of the tailoring
solaris is the source benchmark
exclude -a loads the solaris benchmark with none of the rules included
pick opens the pick screen
The pick screen displays all of the rules in the solaris benchmark. None of them are included.
The spacebar toggles between including and excluding an entry.
An x indicates an excluded rule.
A greater-than symbol (>) in reverse video indicates an included rule. No x is a second indication that the rule is included.
An exit or ESC returns you to the compliance tailor command line in interactive mode.
For example, you might include the rules OSC-53005, OSC-16005, OSC-35000, OSC-46014, OSC-01511, OSC-04511, and OSC-75511.
tailoring:basic> commit tailoring:basic> exit $
Tailorings that you create with the compliance tailor declare the benchmark and profile inside them.
$ pfexec compliance tailor list basic
$ pfexec compliance assess -t basic Assessment will be named 'basic.2015-10-10,10:10' Title The OS version is correct Rule OSC-53005 Result pass ... Title Stacks are non-executable Rule OSC-75511 Result pass
In this example, the administrator loads tailorings that are stored but not in current use.
$ pfexec compliance tailor tailoring>list basic firsttest testg tailoring>load firsttest tailoring:firsttest>info tailoring=firsttest benchmark=solaris profile: not set tailoring:firsttest>load testg tailoring:testg>