Versions Compared

Old Version 3

changes.mady.by.user Alexander Zangerl

Saved on

compared with

New Version 4

changes.mady.by.user Keith Sinclair

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This command will not produce output unless there are fatal problems during the policy evaluation. All compliance assessments (and any "Rule Error" exceptions caused by benign rule problems) are stored in the database and are managed using the opConfig gui (Menu Views, Entry "Compliance Status").

Setup Sample Compliance for Cisco Devices

opConfig comes with a sample compliance policy for Cisco devices based on the NSA Cisco Best Practices document

Import the Compliance Template

Code Block
/usr/local/omk/bin/opconfig-cli.pl act=import_policy name="cisco-nsa" file=/usr/local/omk/conf/compliance_policies/cisco-nsa.nmis

View the Available Compliance Templates

Code Block
/usr/local/omk/bin/opconfig-cli.pl act=list_policies

The result will look like this

Code Block
Copyright (C) 2012 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
See www.opmantek.com or email contact@opmantek.com


opConfig 1.0 is licensed to opmantek for 50 Nodes


Policy      Version   Date
cisco-nsa   1         2014-10-27T11:21:10

Run the Cisco NSA Compliance Template

Code Block
/usr/local/omk/bin/opconfig-cli.pl act=check_compliance name='cisco-nsa'

View the Compliance Status

You can now check the Complaince Status in the opConfig GUI.  Access the opConfig GUI at http://YOUR_SERVERNAME/omk/opConfig, login and then from the Menu Bar "Views -> Compliance Status".