Setting Policy and Assessment Options
You can get and set compliance policy and assessment options locally. Then, when you run the compliance assess command with no options, the assessment runs with the policy and options that you have set. If you have configured RAD on your systems by completing Configuring Administrators to Run Remote Compliance Commands, you can set compliance policy and assessment options remotely.
- For examples of setting and getting local compliance policy and options, see Listing All Benchmarks, Profiles, Assessments, and Reports and How to Schedule a Regular Assessment of a System Using Its Default Policy.
- For examples of running compliance operations remotely, see Example 2-10, Example 2-11, and Example 2-12.
- For using a roster to run multiple compliance operations remotely, see How to Create a Roster for Multiple Remote Assessments.
Example 2-10 Setting Up Assessments on a Remote System
The administrator on a SPARC system shows the policy and assessment options on an x86 system, then sets the policy and options remotely before verifying the results. The remote system's assessments will be stored on the SPARC system.
The argument to the -N option can be the IP address, node name, or FQDN because all three representations of the x86 system are in the known_hosts file:
192.0.2.111,myx86,myx86.example.org ssh-rsa AAAAB3NzaC1yc2...
SPARC $ compliance get-policy -N myx86
Benchmark: solaris
Profile: Baseline
Tailoring:
SPARC $ compliance get-options -N myx86
Assessment Name:
Matches:
Store-URI:
SPARC $ pfbash compliance set-policy -b solaris -p Recommended -N myx86
SPARC $ compliance set-options -a recommended -m testing=initial -s SPARC -N myx86
SPARC $ compliance get-policy -N myx86
Benchmark: solaris
Profile: Recommended
Tailoring:
SPARC $ compliance get-options -N myx86
Assessment Name: recommended
Matches: testing=initial
Store-URI: SPARC
Example 2-11 Changing Remote Assessment Options
The administrator on a SPARC system removes the tag from the assessments that are run on the x86 system, then verifies the results.
SPARC $ compliance get-options -N myx86
Assessment Name: recommended
Matches: testing=initial
Store-URI: SPARC
SPARC $ pfexec compliance set-options -m "" -N myx86
SPARC $ compliance get-options -N myx86
Assessment Name: recommended
Matches:
Store-URI: SPARC
Example 2-12 Running a Remote Assessment With Set Options
The administrator on a SPARC system runs an assessment on the x86 system that was remotely configured in the preceding examples. The output verifies that the assessment name and storage location are correctly configured.
SPARC $ pfexec compliance assess -N myx86
Assessment will be named 'recommended'
Remote assessment(s) will be stored via 'ssh://admin-name@myx86'
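Because compliance assess with no options uses whatever policy and options are currently set on the remote system, it helps to confirm those settings before each run. The following script is an added example, not part of the original documentation: it parses the get-policy and get-options output format shown in Example 2-10 and reports any field that differs from the expected value. The function names and the sample snapshot are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: get-policy and get-options output as shown at the end
# of Example 2-10 (not captured from a live system).
sample_output() {
cat <<'EOF'
Benchmark: solaris
Profile: Recommended
Tailoring:
Assessment Name: recommended
Matches: testing=initial
Store-URI: SPARC
EOF
}

# field_value KEY: print the value of "KEY:" from stdin (empty if unset);
# exit status 2 if the field is absent.
field_value() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) exit 2 }'
}

# check_settings FILE KEY=EXPECTED...: report every field that differs from
# its expected value; the return status is the number of mismatches.
check_settings() {
    file=$1; shift; bad=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        if ! got=$(field_value "$key" < "$file"); then
            echo "MISSING $key"; bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then
            echo "DRIFT   $key: expected '$want', got '$got'"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# On a real system, capture the settings with the commands from the examples:
#   { compliance get-policy -N myx86; compliance get-options -N myx86; } > "$snap"
snap=$(mktemp)
sample_output > "$snap"
check_settings "$snap" "Profile=Recommended" "Assessment Name=recommended" \
    "Matches=testing=initial" "Store-URI=SPARC" && echo "settings match"
rm -f "$snap"
```

An expected value may be empty, for example "Matches=" to confirm that the tag was removed as in Example 2-11.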