Enterprise Health Check Policy Benchmark

The compliance command and framework is a security audit capability and best-practices check that runs benchmarks and generates HTML reports for one or more systems. See the compliance(8) man page.

The Enterprise Health Check benchmark determines how compliant your system is with Oracle Solaris 11.4 best practices. Best practices include highlighting legacy software that is targeted for removal in an upcoming Oracle Solaris 11.4 Support Repository Update (SRU).

The following command runs the ehc benchmark on the local system:

$ pfexec compliance assess -b ehc

The generated assessments and reports are stored in the same location, see Listing Compliance Information and Locating Assessments and Reports. You can retrieve the any HTML reports by using RAD/REST. Each HTML report shows the state of the system and shows rule output that provides corrective actions. See Chapter 3, REST APIs for RAD Clients in Remote Administration Daemon Client User's Guide. Also see examples about how to access this RAD/REST API in the Managing Oracle Solaris Through REST article on GitHub.

Install the ehc-solaris-policy package to obtain the ehc benchmark by running the following command:

# pkg install ehc-solaris-policy

The ehc-solaris-policy package is part of the solaris-desktop, solaris-small-server, and solaris-large-server package groups. See Installing the Oracle Solaris OS in Oracle Solaris 11.4 Security and Hardening Guidelines.

Update the ehc-solaris-policy package periodically so that you can run the latest version of the benchmark without having to change the version of Oracle Solaris 11.4. You can update the pkg:/security/compliance package periodically, as well. Run the following command:

# pkg update ehc-solaris-policy@latest