To perform this task, you must be assigned the Software Installation rights profile to add packages to the system. You must be assigned administrative rights for most compliance commands.
# pkg install compliance
This message indicates that the package is installed:
No updates necessary for this image.
For more information, refer to the pkg(1) man page.
In this example, there are two benchmarks.
pci-dss – includes one profile called Solaris_PCI-DSS
solaris – includes two profiles called Baseliine and Recommended
# compliance list -p Benchmarks: pci-dss: Solaris_PCI-DSS solaris: Baseline, Recommended Assessments: No assessments available
Run the compliance command with this syntax:
|
Examples:
Using the Recommended profile.
# compliance assess -b solaris -p Recommended
The command creates a directory in /var/share/compliance/assessments that contains the assessment in three files: a log file, an XML file, and an HTML file.
Using the PCI-DSS profile:
# compliance assess -b pci-dss
# cd /var/share/compliance/assessments/filename_timestamp # ls recommended.html recommended.txt recommended.xml
You can run customized reports repeatedly. However, you can only run the assessment once in the original directory.
In this example, the -s option is used to select which result types should appear in the report.
By default, all result types appear in the report except notselected or notapplicable. The result types are specified as a comma separated list to display in addition to the default. Individual results types can be suppressed by preceding them with a -, while starting the list with an = specifies exactly which result types should be included. Result types are: pass, fixed, notchecked, notapplicable, notselected, informational, unknown, error, or fail.
# compliance report -s -pass,fail,notselected /var/share/compliance/assessments/filename_timestamp/report_A.html
This command creates a report that contains failed and not selected items in HTML format. The report is run against the most recent assessment.
You can view the log file in a text editor, view the HTML file in a browser, or view the XML file in an XML viewer. For example, to view the customized HTML report from the preceding step, type the following browser entry:
file:///var/share/compliance/assessments/filename_timestamp/report_A.html
If the fix includes rebooting the system, reboot the system before running the assessment again.