Oracle Solaris Cluster Understanding Solaris Compliance Security Test Results on Node/System/Server with Solaris 11.2 and higher
Last updated on OCTOBER 18, 2017
Applies to:Solaris Cluster - Version OSC 4.2 to OSC 4.3 [Release 4.2 to 4.3]
Oracle Solaris on x86-64 (64-bit)
Oracle Solaris on SPARC (64-bit)
Solaris 11.2 introduced the /usr/bin/compliance command, to administer security compliance tests. It produces security assessments, where an assessment is an evaluation of the security configuration of a system, conducted against a benchmark. As of Solaris 11.3, Solaris ships with a benchmark containing two profiles, Baseline and Recommended.
For the Solaris 11.3 benchmarks, the tests currently known to result in incorrect determinations (usually, but not always, incorrect Fail results) are:
- OSC-16005 "All local filesystems are ZFS"
- OSC-40010 "Service svc:/network/nfs/status is disabled or not installed"
- OSC-38510 "Service svc:/network/nfs/nlockmgr is disabled or not installed"
- OSC-87500 "Strict multihoming is enabled"
- OSC-36500 "Name services are set to all local (files) only"
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms