Listing Compliance Information and Locating Assessments and Reports
The compliance list
command is available to all users. With the verbose -v
and profile -p
options, this command lists the benchmarks, their short descriptions. and their profiles. With the -a
option, the command lists all the assessments that are stored on this system.
The -m
matches parameter enables you to administer assessments and reports according to metadata. System tags are on all assessments. You can use the -m
() matches option to add your own tags to selected assessments, then match those tags when listing and deleting assessments. To tag assessments with metadata, see Tagging Assessments With Metadata. For managing assessments based on their metadata, see Using Metadata to Manage Assessments.
Example 1-1 Listing All Benchmarks, Profiles, Assessments, and Reports
In this example, the administrator has specified pci
and recommended
on the command line as assessment names. The other assessment names were generated by the compliance assess
command without specified assessment names.
$ compliance list -vp Benchmarks: pci-dss: Solaris_PCI-DSS PCI-DSS Security/Compliance benchmark for Oracle Solaris solaris: Baseline, Recommended Oracle Solaris Security Policy $ compliance list -a pci UUID: b83e25ee-3eec-11e6-854a-12345678abc UUID: 38f99dbe-3ef0-11e6-854c-12345678abc recommended UUID: 439b344a-3eef-11e6-854b-12345678abc UUID: 8e0b65de-3ef1-11e6-854d-12345678abc pci-dss.2016-06-30,11:40 solaris.Recommended.2016-06-30,11:41
Note:
Thecompliance list -vp
lists only those benchmarks that have been installed. So, the previous compliance list -vp
output shows that only the compliance
package is installed. If you also have the ehc-solaris-policy
installed, information about the ehc
benchmark is also shown in the compliance list -vp
or compliance list -b
output.
Example 1-2 Locating Files in the Compliance Repository
The reports of assessments are stored in the /var/share/compliance/assessments
directory, also known as the repository. In this example, an administrator with the Compliance Reporter rights profile lists the locations of the latest reports for the recommended
assessment name.
$ pfexec compliance report -a recommended
/var/share/compliance/assessments/8e0b65de-3ef1-11e6-854d-12345678abcd/report.html
$ pfexec compliance report -f log -a recommended
/var/share/compliance/assessments/8e0b65de-3ef1-11e6-854d-12345678abcd/log
$ pfexec compliance report -f xccdf -a recommended
/var/share/compliance/assessments/8e0b65de-3ef1-11e6-854d-12345678abcd/results.xccdf.xml