/
Why do I receive a different score when running Assessor through a cron job?

Why do I receive a different score when running Assessor through a cron job?

Owned by Nick Romanzo, created
Last updated: Dec 15, 2022 by Amanda McGown
1 min read

Product Name

CIS-CAT Pro Assessor v4

Product Version

All

Date

Dec 22, 2021

 

Problem

I have a script that runs CIS CAT Pro from the Linux command line. When I run the script, the CIS CAT assessment runs fine.

However, if I run the same script using a cron job as the same user, some of the checks get reported as "unknown" and I wind up with a much lower compliance score.

 

Solution

This has to do with the environment variables that are part of a users profile. More specifically, them not being present when using cron.

Test on a RHEL 7 System as below. Note root is used just to keep a consistency: This is the command line option to run CIS-CAT; [root@ip-10-30-40-156 Assessor-CLI]# cd /CIS/Assessor-CLI ; ./Assessor-CLI.sh -b benchmarks/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v2.2.0-xccdf.xml -html --info Set a cronjob and add the `. $HOME/.bash_profile` to make sure the cronjob profile is the same; [root@ip-10-30-40-156 Assessor-CLI]# crontab -l 25 * * * * cd /CIS/Assessor-CLI ; . $HOME/.bash_profile ; ./Assessor-CLI.sh -b benchmarks/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v2.2.0-xccdf.xml -html --info Finally, compare the Total score for both runs and as you can see they are the same. [root@ip-10-30-40-156 Assessor-CLI]# grep Total: logs/assessor-cli.* 26/03/2020 19:23:07.550 INFO org.cisecurity.assessor.impl.status.ConsoleStatusWriter - Total: 58.23% 26/03/2020 19:25:28.377 INFO org.cisecurity.assessor.impl.status.ConsoleStatusWriter - Total: 58.23%

Keywords; cron cronjob

Content by Label

Copyright © 2020

Center for Internet Security®

 

 

Related content