Quick Start Guide: CIS-CAT Remote Linux Scanning From a Windows Host

Overview

This guide will show how to set up a remote Linux scanning environment for CIS-CAT Pro Assessor from a Windows system using a CMD prompt.

Requirements

• PowerShell installed on Windows system with Assessor

• PowerShell LanguageMode is not configured to ConstrainedLanguage

  • ConstrainedLanguage mode blocks assessor actions as CIS-CAT PowerShell scripts cannot be dot-sourced

  • Verify LanguageMode using this command: PS> $ExecutionContext.SessionState.LanguageMode

Jump to:

Implementation Steps

1. Navigate to \Assessor\config and open the sessions.properties file with Notepad++ or the text editor of your choice. NOTE: The version of Assessor you are using will likely be different, so be sure to change the version number in the path.

2. Edit the “Sample Remote Linux Connection” section by uncommenting (deleting the # symbol) the lines below.

Open

3. From a CMD prompt, enter the following command (NOTE: your version of Assessor and the Benchmark name and version may be different than the one seen below):

>Assessor-CLI.bat -b benchmarks/CIS_Ubuntu_Linux_20.04_LTS_Benchmark_v1.1.0-xccdf.xml

You should see output similar to the one below:

Open

Guided Video Resource on setting up CIS-CAT Pro Assessor for Remote Linux Scanning

Additional Troubleshooting Information

Network diagram for remote scan setup

Problems with ssh connection for a remote assessment

Linux Assessment Trouble

Differing Results between Local and Remote Linux Assessment

Remote Linux Scan is at Stuck Collecting System Characteristics

Copyright © 2022 Center for Internet Security® Privacy Policy