Testing a compliance rule
You can test whether a component satisfies a compliance rule in the Compliance Rule Editor.
You can test a rule against components on any managed server. You select the test servers in this procedure. The test servers have no relationship to servers that are selected on the Discover panel.
To test a compliance rule
- On the Compliance panel, select the rule you want to test and click Edit.
The Compliance Rule Editor opens.
- On the Rule Definition tab in the Compliance Rule Editor, click Test the Rule.
The Test Compliance Rule window opens.
- In the Component Selection area on the left, click Add Components.
The Add Components window opens.
Select the components that you want to test against, and click the right arrow to move your selections to the right panel.
Testing is possible on up to 100 components. For a larger number of components, create and run a Compliance Job.
- In the same window, select the server whose components you want to test, and click the right arrow to move your selections to the right panel.
To remove a component or server, select it and click Remove Item.
Click Run Testto test the rule on all selected components.
To stop the test run before it completes running, click Stop Test.
A green success or red failure icon appears beside each component.
Expand server and component branches to view test results.
- For more details about the success or failure of a component to satisfy the compliance rule, select the component.
Two panes display on the right. The top pane displays the full rule as defined through the Rule Editor, including all its conditions (basic conditions,
if-thenconditional constructs, or loops). Any condition within the rule that caused the rule to end in Non-compliant status appears in red. The overall compliance status for the full compliance rule appears at the top, as well as an indication of whether any exceptions were defined. The bottom pane displays compliance details on the target component for a selected condition.
In the top pane, select a basic condition within the rule.
In the bottom pane, the condition is parsed into columns for the left-hand-side (LHS) operand, comparison operator, and right-hand-side (RHS) operand. An additional Success column indicates whether the component satisfied the condition (either true or false). The actual value detected on the target component appears in brackets after the LHS operand so that you can see how it compares to the value in the RHS operand.
In the top pane, condition operands or loop operands that are very long are truncated and end with an ellipsis (...).
Cardinality conditions are not parsed in the bottom pane. A basic condition is not parsed if it contains wildscards and was satisfied by the component.
If a basic condition is preceded by a NOT logical operator, the Success column in the bottom pane shows a value of true when the condition appears in red in the top pane.
Lines that were not analyzed appear in gray in the rule in the top pane. For example:
elseblocks in a conditional construct that were skipped or not reached.
In a conditional construct only one
thenline, or the last
elseline, may appear in red. All
elseiflines always appear in black font.
In a Foreach loop, details are displayed in the bottom pane only for the non-compliant configuration objects. In a Count loop, details are displayed for all relevant configuration objects (whether compliant or not), but only if the entire loop was non-compliant.
- If a condition includes ACL information, you can view detailed ACL information for a target component by doing the following:
- Select an entry in the Target pane that includes ACL information and click View ACL Details. A details window opens. It provides a list of applicable permissions.
- Select a name in the Access Control List, and then click View ACL Details.
Another detail window shows permissions granted to the name you selected.
- Click Close and then click Close again to close both detail windows.
Click Close to close the Test Compliance Rule window.