This guide will show how to set up a remote Linux scanning environment for CIS-CAT Pro Assessor from a Windows system using a CMD prompt.
PowerShell installed on Windows system with Assessor
PowerShell LanguageMode is not configured to ConstrainedLanguage
ConstrainedLanguage mode blocks assessor actions as CIS-CAT PowerShell scripts cannot be dot-sourced
Verify LanguageMode using this command: PS> $ExecutionContext.SessionState.LanguageMode
Jump to guided video:
Navigate to \Assessor\config and open the sessions.properties file with Notepad++ or the text editor of your choice. NOTE: The version of Assessor you are using will likely be different, so be sure to change the version number in the path.
Edit the “Sample Remote Linux Connection” section by uncommenting (deleting the # symbol) the lines below.
For details on the configuration properties for |
If you are using a key pair instead of a password, then remove the |
3. From a CMD prompt, enter the following command (NOTE: your version of Assessor and the Benchmark name and version may be different than the one seen below):
>Assessor-CLI.bat -b benchmarks/CIS_Ubuntu_Linux_20.04_LTS_Benchmark_v1.1.0-xccdf.xml
You should see output similar to the one below:
On the Linux target, ensure that you have a firewall rule in place to allow port 22. |
Network diagram for remote scan setup
Problems with ssh connection for a remote assessment
Differing Results between Local and Remote Linux Assessment
Remote Linux Scan is at Stuck Collecting System Characteristics
Copyright © 2022 Center for Internet Security® Privacy Policy
Published: 9/7/22 Created by Nick Romanzo |