compliance Command and Package

Measuring security compliance, hereafter called compliance, requires three things: a set of rules that define a security benchmark or profile; a measurement of compliance to that benchmark, called an assessment; and a report of the findings. The report can also be printed in guide form for training or archiving purposes.

Note:

Consider updating the pkg:/security/compliance package periodically so that you can run the latest version of the benchmarks without having to change the version of Oracle Solaris 11.4. Run the following command:
# pkg update compliance@latest

Oracle Solaris provides the compliance command to measure security compliance. The command can generate, list, and delete assessments and reports. While any user can view compliance reports, you must have rights to manage and generate assessments. For more information, see Rights to Run Compliance Assessments and Reports and the compliance(8) man page.

Many compliance subcommands can check remote systems as well as local systems. After you complete Configuring Administrators to Run Remote Compliance Commands, the following compliance subcommands can run either remotely or locally:

assess

Runs a compliance assessment. See Running Assessments and Reports.

delete

Deletes the specified assessment. For examples, see Using Metadata to Manage Assessments.

explain

Lists the details of the rules in a specified benchmark or profile. See the compliance(8) man page.

get-options

Gets the default parameters of the compliance assess command.

get-policy

Shows the compliance policy that is in effect on the specified system. See Setting Policy and Assessment Options.

list

Lists the benchmarks, profiles, and rosters on a specified system. See Listing Compliance Information and Locating Assessments and Reports.

set-options

Sets the default parameters for the compliance assess command.

set-policy

Sets the default compliance policy for a specified system. See Setting Policy and Assessment Options.

The following compliance subcommands run on the local system only:

guide

Creates a guide of the compliance rules that are available on the system. See New Guides for New Benchmarks.

report

Shows the location of assessment reports. See Compliance Reports and Guides.

roster

Creates, modifies, and lists rosters, which are scripts that specify a set of systems to be assessed and the options of each assessment. See Running Multiple Remote Assessments.

store

Copies specified assessments, including all associated reports, to a remote assessment store. See Using a Common Store for Compliance Assessments.

tailor

Creates, modifies, and lists tailorings, which are customized sets of compliance rules. See Creating Tailorings From Compliance Benchmarks.

For mounted file systems, best practice is to test the compliance of the clients and the servers separately. For example, if you mount user home directories from central servers, run the compliance assess command on the user systems and on every home directory server. To run assessments on remote systems from a terminal window on your local system, see Running Remote Assessments on One or More Systems.

Note:

The compliance command automates compliance assessment, not remediation.