Oracle Solaris Cluster Understanding Solaris Compliance Security Test Results on Node/System/Server with Solaris 11.2 and higher
(Doc ID 2099210.1)
Last updated on OCTOBER 18, 2017
Solaris Cluster - Version OSC 4.2 to OSC 4.3 [Release 4.2 to 4.3]
Oracle Solaris on x86-64 (64-bit)
Oracle Solaris on SPARC (64-bit)
Solaris 11.2 introduced the /usr/bin/compliance command to administer security compliance tests. It produces security assessments, where an assessment is an evaluation of the security configuration of a system, conducted against a benchmark. As of Solaris 11.3, Solaris ships with a benchmark containing two profiles, Baseline and Recommended.
We have identified some tests in those profiles that may not give correct results on a Solaris system configured with Oracle Solaris Cluster software. These tests are being corrected, but until corrected tests are available, this document lists the tests and the issues, and explains how to interpret the test results to determine whether there is, in fact, a compliance problem.
For the Solaris 11.3 benchmarks, the tests currently known to result in incorrect determinations (usually, but not always, incorrect Fail results) are:
OSC-16005 "All local filesystems are ZFS"
OSC-40010 "Service svc:/network/nfs/status is disabled or not installed"
OSC-38510 "Service svc:/network/nfs/nlockmgr is disabled or not installed"
OSC-87500 "Strict multihoming is enabled"
OSC-36500 "Name services are set to all local (files) only"