Usage¶
Scheduling¶
A node and service compliance check run is scheduled once a week at the initiative of the OpenSVC agent. Upon execution, the agent fetches from the collector the node or service applicable ruleset and the applicable moduleset.
The modules are merged in a single, deduplicated, ordered by module filename list. Modules not present on the node will be silently bypassed.
The default schedule can be altered in <OSVCETC>/node.conf:
[compliance]
schedule = 02:00-06:00@241 sun,wed
Manual execution¶
A compliance check of all attached modulesets on a node can be triggered by:
om node compliance check
A compliance check of all attached modulesets on a service can be triggered by:
om <svcname> compliance check
A specific module compliance check:
om <svcname> compliance check --module <modname>
Managing moduleset attachments¶
Attach a moduleset to the node:
om node compliance attach --moduleset <modname>
Attach a moduleset to a service:
om <svcname> compliance attach --moduleset <modname>
Detach a moduleset from the node:
om node compliance detach --moduleset <modname>
Detach a moduleset from a service:
om <svcname> compliance detach --moduleset <modname>
Managing ruleset attachments¶
Attach a ruleset to the node:
om node compliance attach --ruleset <rsetname>
Attach a moduleset to a service:
om <svcname> compliance attach --ruleset <rsetname>
Detach a moduleset from the node:
om node compliance detach --ruleset <rsetname>
Detach a moduleset from a service:
om <svcname> compliance detach --ruleset <rsetname>
Querying the framework¶
List the installed modules:
om node compliance list module
List the available modulesets:
om node compliance list moduleset
List the available explicit rulesets:
om node compliance list ruleset
Show the currently attached modulesets:
om node compliance show moduleset
Show the currently presented rulesets:
om node compliance show ruleset
Show the status of the modules last run, as known by the collector:
om node compliance show status
Show the status of modules, specified by pattern, last run, as known by the collector:
om node compliance show status --module "%init%"