Oracle® Solaris 11.3 Security Compliance Guide

Updated: March 2018

How to Select a Non-Default Value for a Rule in a Tailoring

Before You Begin

You must be assigned the Compliance Assessor rights profile to create a tailoring that can be added to the assessment store. For more information, see "Rights to Run the compliance Command" and "Using Your Assigned Administrative Rights" in Securing Users and Processes in Oracle Solaris 11.3.

  1. Create a tailoring that modifies the value of a rule.
    $ compliance tailor -t tailoring
    *** compliance tailor: Can't get existing tailor "tailoring", initializing
    tailoring:tailoring> set benchmark=benchmark
  2. List the rules in the benchmark or profile that contain variables.
    tailoring:tailoring> values
    OSCV-nnnnn (summary):  value
    OSCV-nnnnn (summary):  value
    ...
    #
  3. Change the value of a rule that contains a variable.
    tailoring:tailoring> include OSC-nnnnn
    tailoring:tailoring> value OSCV-nnnnn=value
  4. Commit your changes and test.
    tailoring:tailoring> commit
    tailoring:tailoring> exit
    # compliance assess -t tailoring
    Assessment will be named 'tailoring.date'
    Title   Rule title
    Rule    OSC-nnnnn
    Result  pass
Example 8  Creating a Tailoring That Checks for a Password Length of 13
  1. Change the default password length according to site requirements.

    Change the PASSLENGTH value in the /etc/default/passwd file.

    ## /etc/default/passwd file
    ##PASSLENGTH=8
    PASSLENGTH=13
  2. Create a tailoring from the solaris benchmark.

    $ pfexec compliance tailor -t passwdLength13Test
    *** compliance tailor: Can't get existing tailor "passwdLength13Test", initializing
    tailoring:passwdLength13Test> set benchmark=solaris
  3. Display the rules in the solaris benchmark that contain variables and their possible values.

    tailoring:passwdLength13Test> values -v
    OSCV-19500 (gdm service):  _disabled_ /disabled|enabled/
    OSCV-37500 (NFS client service):  _disabled_ /disabled|enabled/
    OSCV-46000 (Minimum Password Length):  6 <= _8_ <= 255 /6|8|14/
    OSCV-47000 (Minimum Password Character Difference):  1 <= _3_ /3/
    OSCV-48000 (Minimum Password Lower-Case Character Count):  0 <= _0_ /0|1/
    OSCV-49000 (Minimum Password Special Character Count):  0 <= _0_ /0|1/

    The output shows that the minimum password length that rule OSC-46000 can check for is 6 and the maximum is 255. The current value is 8.

  4. Set the rule to check for a minimum password length of 13.

    tailoring:passwdLength13Test> include OSC-46000
    tailoring:passwdLength13Test> value OSCV-46000=13
    tailoring:passwdLength13Test> commit
    tailoring:passwdLength13Test> exit
    $
  5. Test the tailoring.

    $ compliance assess -t passwdLength13Test
    Assessment will be named 'passwdLength13Test.2015-10-10,10:10'
    Title   Passwords must be at least 13 characters long
    Rule    OSC-46000
    Result  pass
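
A pre-flight check for the value chosen in Example 8, as an added example that is not part of the Oracle guide: it parses a values -v line to confirm that a candidate value lies inside the rule variable's bounds, then compares it with the active PASSLENGTH line. The function names, the equality comparison, and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Sample data below is constructed
# from the values -v line and the passwd fragment shown in Example 8.

# check_value LINE WANT
# LINE is one line of `values -v` output:
#   OSCV-nnnnn (summary):  MIN <= _CURRENT_ [<= MAX] /choices/
# Returns 0 if WANT is an integer inside the bounds, 1 if outside,
# 2 if the variable is not numeric (for example _disabled_).
check_value() {
    printf '%s\n' "$1" | awk -v want="$2" '{
        sub("^.*\\):[ \t]*", "")           # drop "OSCV-nnnnn (summary):"
        sub("[ \t]*/[^/]*/[ \t]*$", "")    # drop trailing /choices/
        n = split($0, f, "[ \t]*<=[ \t]*")
        for (i = 1; i <= n; i++) if (f[i] ~ "^_.*_$") cur = i
        if (!cur || n < 2 || want !~ "^[0-9]+$") exit 2
        if (cur > 1 && want + 0 < f[cur - 1] + 0) exit 1
        if (cur < n && want + 0 > f[cur + 1] + 0) exit 1
    }'
}

# effective_passlength FILE
# Prints the value of the active PASSLENGTH= line; commented lines such as
# "##PASSLENGTH=8" are skipped. Assumes a single active line.
effective_passlength() {
    sed -n 's/^PASSLENGTH=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1"
}

# precheck LINE WANT FILE
# Site consistency check (an assumption of this example, not the benchmark's
# own logic): WANT must be in range and equal to the system setting.
precheck() {
    check_value "$1" "$2" || { echo "value $2 rejected for rule variable"; return 1; }
    have=$(effective_passlength "$3")
    [ "$have" = "$2" ] || { echo "PASSLENGTH=${have:-unset}, tailoring checks for $2"; return 1; }
    echo "ok: tailoring value $2 matches PASSLENGTH"
}

# Constructed sample input mirroring Example 8.
line='OSCV-46000 (Minimum Password Length):  6 <= _8_ <= 255 /6|8|14/'
sample=$(mktemp)
printf '##PASSLENGTH=8\nPASSLENGTH=13\n' > "$sample"
precheck "$line" 13 "$sample"
rm -f "$sample"
```

On a live system, pass /etc/default/passwd as the file argument and the OSCV-46000 line from values -v as the first argument.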