1. Oracle Solaris 11.4 Compliance Guide
  2. Reporting Compliance to Security Standards
  3. Administering Compliance Assessments and Reports
  4. Listing Compliance Information and Locating Assessments and Reports

Listing Compliance Information and Locating Assessments and Reports

The compliance list command is available to all users. With the verbose -v and profile -p options, this command lists the benchmarks, their short descriptions. and their profiles. With the -a option, the command lists all the assessments that are stored on this system.

The -m matches parameter enables you to administer assessments and reports according to metadata. System tags are on all assessments. You can use the -m() matches option to add your own tags to selected assessments, then match those tags when listing and deleting assessments. To tag assessments with metadata, see Tagging Assessments With Metadata. For managing assessments based on their metadata, see Using Metadata to Manage Assessments.

Example 1-1 Listing All Benchmarks, Profiles, Assessments, and Reports

In this example, the administrator has specified pci and recommended on the command line as assessment names. The other assessment names were generated by the compliance assess command without specified assessment names. 

$ compliance list -vp
Benchmarks:
pci-dss:        Solaris_PCI-DSS
                PCI-DSS Security/Compliance benchmark for Oracle Solaris
solaris:        Baseline, Recommended
                Oracle Solaris Security Policy

$ compliance list -a
        pci
            UUID: b83e25ee-3eec-11e6-854a-12345678abc
            UUID: 38f99dbe-3ef0-11e6-854c-12345678abc
        recommended
            UUID: 439b344a-3eef-11e6-854b-12345678abc
            UUID: 8e0b65de-3ef1-11e6-854d-12345678abc
pci-dss.2016-06-30,11:40
solaris.Recommended.2016-06-30,11:41

Note:

The compliance list -vp lists only those benchmarks that have been installed. So, the previous compliance list -vp output shows that only the compliance package is installed. If you also have the ehc-solaris-policy installed, information about the ehc benchmark is also shown in the compliance list -vp or compliance list -b output.

Example 1-2 Locating Files in the Compliance Repository

The reports of assessments are stored in the /var/share/compliance/assessments directory, also known as the repository. In this example, an administrator with the Compliance Reporter rights profile lists the locations of the latest reports for the recommended assessment name. 

$ pfexec compliance report -a recommended 
/var/share/compliance/assessments/8e0b65de-3ef1-11e6-854d-12345678abcd/report.html
$ pfexec compliance report -f log -a recommended 
/var/share/compliance/assessments/8e0b65de-3ef1-11e6-854d-12345678abcd/log
$ pfexec compliance report -f xccdf -a recommended 
/var/share/compliance/assessments/8e0b65de-3ef1-11e6-854d-12345678abcd/results.xccdf.xml