[reiger]

With only a quick glance at the checks/code, this will suggest stupid things on Solaris. Solaris 11 has configuration compliance checker that is far more complete (and uses the correct interfaces) than this.

On solaris 11.2+ man compliance, and follow one set of the vendor recommendations (normal, high assurance, pci-dss).

The SCAP ecosystem exists, I see no need in this day and age to use shell scripts for configuration parsing.

[mboelen]

Appreciate the honest opinion. While you have valid points, not everyone wants to install SCAP for example. Besides that, the related SCAP might even not be available for your OS version. If the OS has a great compliance checker built-in, we definitely will advise using that as well.