...
This command will not produce output unless there are fatal problems during the policy evaluation. All compliance assessments (and any "Rule Error" exceptions caused by benign rule problems) are stored in the database and are managed using the opConfig gui (Menu Views, Entry "Compliance Status").
Setup Sample Compliance for Cisco Devices
opConfig comes with a sample compliance policy for Cisco devices based on the NSA Cisco Best Practices document
Import the Compliance Template
Code Block |
---|
/usr/local/omk/bin/opconfig-cli.pl act=import_policy name="cisco-nsa" file=/usr/local/omk/conf/compliance_policies/cisco-nsa.nmis |
View the Available Compliance Templates
Code Block |
---|
/usr/local/omk/bin/opconfig-cli.pl act=list_policies |
The result will look like this
Code Block |
---|
Copyright (C) 2012 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
See www.opmantek.com or email contact@opmantek.com
opConfig 1.0 is licensed to opmantek for 50 Nodes
Policy Version Date
cisco-nsa 1 2014-10-27T11:21:10 |
Run the Cisco NSA Compliance Template
Code Block |
---|
/usr/local/omk/bin/opconfig-cli.pl act=check_compliance name='cisco-nsa' |
View the Compliance Status
You can now check the Complaince Status in the opConfig GUI. Access the opConfig GUI at http://YOUR_SERVERNAME/omk/opConfig, login and then from the Menu Bar "Views -> Compliance Status".