Usage ***** Scheduling ========== A node and service compliance check run is scheduled once a week at the initiative of the OpenSVC agent. Upon execution, the agent fetches from the collector the node or service applicable ruleset and the applicable moduleset. The modules are merged in a single, deduplicated, ordered by module filename list. Modules not present on the node will be silently bypassed. The default schedule can be altered in ``/node.conf``: :: [compliance] schedule = 02:00-06:00@241 sun,wed Manual execution ================ A compliance check of all attached modulesets on a node can be triggered by: :: sudo nodemgr compliance check A compliance check of all attached modulesets on a service can be triggered by: :: sudo svcmgr -s compliance check A specific module compliance check: :: sudo svcmgr -s svcname> compliance check --module Managing moduleset attachments ============================== Attach a moduleset to the node: :: sudo nodemgr compliance attach --moduleset Attach a moduleset to a service: :: sudo svcmgr -s compliance attach --moduleset Detach a moduleset from the node: :: sudo nodemgr compliance detach --moduleset Detach a moduleset from a service: :: sudo svcmgr -s compliance detach --moduleset Managing ruleset attachments ============================ Attach a ruleset to the node: :: sudo nodemgr compliance attach --ruleset Attach a moduleset to a service: :: sudo svcmgr -s compliance attach --ruleset Detach a moduleset from the node: :: sudo nodemgr compliance detach --ruleset Detach a moduleset from a service: :: sudo svcmgr -s compliance detach --ruleset Querying the framework ====================== List the installed modules: :: sudo nodemgr compliance list module List the available modulesets: :: sudo nodemgr compliance list moduleset List the available explicit rulesets: :: sudo nodemgr compliance list ruleset Show the currently attached modulesets: :: sudo nodemgr compliance show moduleset Show the currently presented rulesets: :: sudo nodemgr compliance show ruleset Show the status of the modules last run, as known by the collector: :: sudo nodemgr compliance show status Show the status of modules, specified by pattern, last run, as known by the collector: :: sudo nodemgr compliance show status --module "%init%"