How to Create a Roster for Multiple Remote Assessments
You must become an administrator who is assigned the Compliance Assessor rights profile on both systems. For more information, see Configuring Administrators to Run Remote Compliance Commands. See also Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
In this procedure, you create a roster to run assessments on several remote systems at once. Rosters use the node parameter to identify systems.
Example 2-6 Setting Compliance Policy in a Roster
In this example, the administrator sets a policy on the node that is different from the default policy on the system.
$ pfexec compliance roster -r example-roster
roster:example-roster> select node=mysparc
roster:example-roster/node:mysparc> help policy
Syntax: policy [-b benchmark] [-p profile] [-t tailoring]
sets the policy within the current scope
The -p option can't be used with the -t option.
Use no options to specify that this scope will inherit from an upper scope.
roster:example-roster> select node=mysparc
roster:example-roster/node:mysparc> policy -b solaris -p Recommended
roster:example-roster/node:mysparc> end
roster:example-roster> commit
roster:example-roster> info ; expand
info: roster:example-roster, 2 node(s)
node:myx86
node:mysparc profile=Recommended benchmark=solaris
At the roster level, the policy subcommand would set the policy for all nodes in the roster that did not have an explicit policy setting at the node level. When you run the assessments using the roster, the default compliance policy that is set on the systems that are being assessed is not used.
Example 2-7 Canceling an Error in a Roster
In this example, the administrator notes the error as it is made and cancels it.
roster:example-roster/node:mysparc> policy -b solaris -p Baseline
roster:example-roster/node:mysparc> cancel
Canceling node modifications
roster:example-roster/node:mysparc> policy -b solaris -p Recommended
roster:example-roster/node:mysparc> info
info: node:mysparc policy(-b solaris -p Recommended)
Example 2-8 Renaming a Group, Node, or Roster
In this example, the administrator renames existing rosters, groups, and nodes in the interactive editor and commits the changes.
roster:example-roster> select node=mysparc
roster:example-roster/node:mysparc> node mysparc1     << renamed node
roster:example-roster/node:mysparc1> end
roster:example-roster> roster myexample1     << renamed roster
roster:myexample1> select group=labsystems
roster:myexample1/group:labsystems> group labs     << renamed group
roster:myexample1/group:labs> end
roster:myexample1> commit
Example 2-9 Importing a Corrected Roster
In this example, the administrator found an error in a group name. Rather than recreate the group in the interactive editor, the administrator exported the roster, fixed the spelling, gave the roster a new name, imported the new version, and deleted the original roster.
$ pfexec compliance roster -r trial1
roster:mysparc> export -o trial1.txt; exit
$ cp trial1.txt trial2.txt
pfedit trial2.txt
roster trial1
policy -b solaris -p Recommended
add group=sarc
add node=mysparc1
end
add node=mysparc2
end
end
roster mysparcs
policy -b solaris -p Recommended
add group=sparc
add node=mysparc1
end
add node=mysparc2
end
end
:wq
$ pfexec compliance roster -f trial2.txt
roster:mysparcs> info ; expand
info: roster:mysparcs policy(-b solaris -p Recommended), 1 group(s)
node:mysparc1 profile=Recommended benchmark=solaris
node:mysparc2 profile=Recommended benchmark=solaris
roster:mysparcs> commit
roster:mysparcs> list
mysparcs
trial1
roster:mysparcs> roster trial1
roster:trial1> delete
OK to delete roster 'trial1' (y/N)? y
$
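The following added example is not part of the Oracle documentation. It checks a hand-edited roster file before import by resolving which policy each node would run under, so an unintended override or an unbalanced add/end is caught first. It assumes the file uses only the keywords shown in Example 2-9 (roster, policy, add, end) and that a scope with no policy takes the whole policy of the nearest enclosing scope that has one; the function names are hypothetical.

```python
import shlex

# Constructed sample in the layout of the exported file in Example 2-9,
# plus a node-level policy on mysparc2 added for illustration.
SAMPLE = """\
roster mysparcs
policy -b solaris -p Recommended
add group=sparc
add node=mysparc1
end
add node=mysparc2
policy -b solaris -p Baseline
end
end
"""

def parse_policy(args):
    """Map ['-b', 'solaris', '-p', 'Recommended'] to a dict; None means inherit."""
    opts = dict(zip(args[0::2], args[1::2]))
    if len(args) % 2 or set(opts) - {"-b", "-p", "-t"}:
        raise ValueError(f"bad policy options: {args}")
    if "-p" in opts and "-t" in opts:
        raise ValueError("-p can't be used with -t")
    return opts or None

def effective_policies(text):
    """Return {node name: policy dict or None}, nearest scope first (assumed rule)."""
    stack, chains = [], {}              # stack entries: [kind, name, policy]
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = shlex.split(raw)
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "roster" and not stack and args:
            stack.append(["roster", args[0], None])
        elif cmd == "policy" and stack:
            stack[-1][2] = parse_policy(args)
        elif cmd == "add" and stack and args and "=" in args[0]:
            kind, name = args[0].split("=", 1)
            stack.append([kind, name, None])
        elif cmd == "end" and len(stack) > 1:
            scope = stack.pop()
            if scope[0] == "node":      # remember node scope, then its parents
                chains[scope[1]] = [scope] + stack[::-1]
        else:
            raise ValueError(f"line {lineno}: unexpected {raw!r}")
    if len(stack) != 1:
        raise ValueError("missing roster line or unbalanced add/end")
    return {n: next((s[2] for s in c if s[2]), None) for n, c in chains.items()}
```

A node that maps to None has no policy at any scope in the file; review it before importing the roster.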