Compliance check, Compliance policy, Viewing the compliance policy list – H3C Technologies H3C Intelligent Management Center User Manual
Page 618
604
Restoring a software file from the software baseline report page
The Restore button on the Software Update page provides a link to the Deployment Guide wizard for
updating or restoring system software. For more information about using the Deployment Guide for
updating or restoring system software, see "
Compliance check
Compliance check verifies whether configurations on devices are compliant with compliance policies
and shows the check results in various forms. In addition, compliance check can fix incompliant
configurations to make sure the network operates in a secure, stable environment.
Compliance check comprises the following elements:
•
Rule: Contains the violation severity level, check target, device vendor, device series, and the
content to be checked for a compliance policy. Rules must be associated with a compliance policy.
To create a rule, first create a compliance policy.
•
Compliance policy: Comprises one or more rules to check specific objects. Compliance policies
reduce operators' workload and improve the work efficiency. Multiple compliance policies can
share the same rules.
•
Check task: Contains one or more compliance policies that are associated with devices. You can
configure a check task to be executed once or periodically.
IMC shows the check results in policy view for analysis from the compliance policy's perspective, in
device view for analysis from the device's perspective, and in the execution report for analysis from a
comprehensive perspective.
Compliance check can also check whether the output of specific display commands is compliant with the
associated compliance policy. You need to add the display commands in the rules of the compliance
policy.
The iCC component uses configuration backups for compliance check. To perform compliance check,
first back up the latest startup configuration or the latest running configuration for the target device. For
more information about backing up device configuration files, see "
." To check the compliancy of the display command output, IMC logs into the target device
by using the specified login method and then executes the display command.
Compliance policy
IMC performs compliance check according to compliance policies.
A compliance policy comprises a set of rules and each rule defines the violation severity level, check type,
check target, vendor and product series under check, recovery commands, and the content to be
checked. The following sections describe how to configure and maintain compliance policies and their
rules.
Viewing the compliance policy list
To access the policy list:
1.
Navigate to Service > Compliance Policy
a.
Click the Service tab from the tabular navigation system on the top.
b.
Click the Compliance Center on the navigation tree on the left.
c.
Click Compliance Policy under Compliance Center on the left navigation tree.