Enterprise Health Check

(This blog entry was in the publication queue for a while, so Chris Beal overtook me with his great blog entry)

For a very long time there are some security benchmarks in Solaris to assess your systems automatically with the compliance. Those benchmarks define a rich ruleset which is used to check your system if they adhere to this rules or not.

Best practices for a well-kept systems are often some really basic rules as well. For example „Do this“ or „Do not do this“. Thus when you already have a tool to check your systems based on rules for security, using it as well to check it for best-practice adherence is a quite obvious second step.

Oracle used this in the past to check your system for

root@solaris:~# pkg install ehc-solaris-policy@latest

Like the stackdb package used for the automatic analysis of core dumps for known issues, this package can be and must be independently updated. The idea is to give you the newest version of those package without the need to do the update.

root@solaris:~# pkg update ehc-solaris-policy@latest

When you want to run the benchmark to check for this rules, you just use the compliance tool.

root@solaris:~# compliance assess -b ehc
Assessment will be named 'ehc.2021-03-10,04:30'

Title
        Pool versions
Rule
        EHC-ZFS-00010
Result
        pass
[..]
Title
        Legacy Packages
Rule
        EHC-EOF-00010
Result
        fail

Currently (SRU 30) the following tests are implemented:

As this is a normal compliance benchmark you could automate the use of this benchmark on a multitude of system by using the compliance roster feature. I wrote a blog entry about this during the 11.4 beta phase.