Using Metadata to Manage Assessments
The compliance assess -m
matches command enables you to run an assessment with tags that you specify. You can later use these tags to select, list, and delete similarly-tagged assessments. For more information, see the Match Parameters
section of the compliance
(8) man page. The remote administration daemon (RAD) can retrieve metadata from assessments that are stored remotely.
Example 2-13 Managing Assessments by System Tags
System tags are attached to all assessments. In these examples, the administrator uses system metadata to identify and manage similar assessments.
-
This command finds all assessments from the month of September 2016. The output shows the UUID and the name of the assessment.
$ compliance list -a -m 'Timestamp>2016-08-31 & Timestamp<2016-10-01' 471761d4-2c39-11e6-bb5e-39c6d85e0d3a Name=passwdLength13Test.2016-09-07,17:57 069cab5c-2c3c-11e6-bb60-39c6d85e0d3a Name=passwdLength13Test.2016-09-17,17:17
-
This command finds all assessments later than the month of August 2016 on the
192.0.2.122
remote system.$ compliance list -a -m 'Timestamp>2016-08-31' -N test1@192.0.2.122
-
This command finds all assessments that share two tag values on a remote system.
$ compliance list -a -m 'Timestamp>2016-08-31 & Architecture=sun4v' \ -N test1@192.0.2.122
-
This command finds all assessments from the
basic
tailoring.$ compliance list -am Tailoring=basic 282356e8-3986-11e6-9c1e-c3e78f99d41d Name=HereBASIC 3989813e-3e39-11e6-9c22-c3e78f99d41d Name=basicRemote2 d0deea3e-3e56-11e6-978b-9f0b610d6a70 Name=basicRemote1 5f0038da-3e58-11e6-978c-9f0b610d6a70 Name=basic.2016-09-07,17:27 c9d9c748-3e58-11e6-978d-9f0b610d6a70 Name=basic.Remote1
-
This series of commands finds all assessments that begin with
example
, copies them, lists the remote copies, then deletes the original assessments on the local system.$ compliance list -a -m "Name>example & Name<f" 33333333-4ea1-11e6-9691-fbfbfbfbfbfb Name=example-roster.2016-09-07,10:41 11111111-4ea2-11e6-9692-abababababab Name=example-roster.2016-09-07,10:47 22222222-4ea3-11e6-9693-dededededede Name=example-roster.2016-09-07,10:55' $ pfexec compliance store -s mysparc -m "Name>example & Name<f" $ compliance list -N mysparc -m "Name>example & Name<f" Benchmarks: pci-dss solaris Assessments: 33333333-4ea1-11e6-9691-fbfbfbfbfbfb Name=example-roster.2016-09-07,10:41 11111111-4ea2-11e6-9692-abababababab Name=example-roster.2016-09-07,10:47 22222222-4ea3-11e6-9693-dededededede Name=example-roster.2016-09-07,10:55 $ pfexec compliance delete -n -m "Name>example & Name<f" would delete assessment UUID=33333333-4ea1-11e6-9691-fbfbfbfbfbfb, Name=example-roster.2016-09-07,10:41 would delete assessment UUID=11111111-4ea2-11e6-9692-abababababab, Name=example-roster.2016-09-07,10:47 would delete assessment UUID=22222222-4ea3-11e6-9693-dededededede, Name=example-roster.2016-09-07,10:55 $ pfexec compliance delete -m "Name>example & Name<f"
Example 2-14 Deleting Assessments by Metadata
In these examples, the administrator deletes assessments based on their metadata.
-
This command finds all assessments that were run on SPARC systems, deletes them, and verifies the deletion.
$ compliance list -am Architecture=sun4v 62622916-2dc8-11e6-9c14-c3e78f99d41d Name=basic.2016-07-07,15:28 87846452-2e90-11e6-9c15-c3e78f99d41d Name=basic.2016-07-09,15:21 abc11504-2e90-11e6-9c16-c3e78f99d41d Name=basic.2016-07-09,15:22 $ pfexec compliance delete -am Architecture=sun4v $ compliance list -am Architecture=sun4v $
-
This command finds all assessments whose name begins with
default
and then deletes them.$ compliance list -am "Name>default & Name<defaulu" 94f67aae-3a24-11e6-bb79-39c6d85e0d3a Name=default.2016-09-07,08:59 8142085e-52be-11e6-905f-753ff3457658 Name=default.2016-09-25,16:21 $ pfexec compliance delete -am "Name>default & Name<default"
Example 2-15 Copying Assessments by Metadata
In this example, the administrator copies assessments that were run on SPARC systems and copies them to a common store. The assessments are now in two locations, the local system and the common store.
$ compliance list -am Architecture=sun4v 62622916-2dc8-11e6-9c14-c3e78f99d41d Name=basic.2016-07-07,15:28 87846452-2e90-11e6-9c15-c3e78f99d41d Name=basic.2016-07-09,15:21 abc11504-2e90-11e6-9c16-c3e78f99d41d Name=basic.2016-07-09,15:22 $ pfexec compliance store -N mycommonstore -am Architecture=sun4v