What Assessment configurations are supported by the "-D" option ?

Owned by Amanda McGown, created
Last updated: Dec 19, 2023 by Allan Cornwell
2 min read

Product Name

CIS-CAT Pro Assessor

Product Version

v4.16.1+

Date

Oct 3, 2022

 

Problem

The -D option is used "Instead of creating a new properties file for unique assessments, individual user properties may be specified using the -D option together with a property=value pair. This allows an assessment to only override specific user properties when only a small number differ from the defaults." Miscellaneous Options - CIS-CAT Pro Assessor v4 User Guide

In the User Guide I noticed examples such as -D https.proxyHost=, -D https.proxyPort=, and -D xccdf_org.cisecurity_value_jdbc.url=.

  • Does this refer to the properties in the "assessor-cli.properties", "assessor-config-sample.xml" or "session.properties" Configuration files?

  • Are the -D option only for some self-defined properties, or it does support all the properties in the 3 configuration files ?

 

Solution

The -D properties allow for a couple of things:

  1. Overriding properties in the assessor-cli.properties file. These are properties like https.proxyHost=, -D https.proxyPort= mentioned above.

  2. Specifying values for "interactive values". A number of benchmarks, mostly the database management system ones, contain values in them which are dependent on user input. These are called "interactive values".

    When not specified in the command line or through the assessor-cli.properties file, the user is prompted to manually enter the interactive values at assessment time. Since this could cause issues when trying to run assessments as part of a scheduled task, users can add the value to the command line. An example is the -D xccdf_org.cisecurity_value_jdbc.url above.

When executing assessments using the "configuration XML" file, all values on the command line are ignored (except the -cfg argument used to specify the configuration XML file). These same user properties and/or interactive values can be specified (per assessment) within the XML, and used in the same manner as if they'd been specified on the command-line for a single assessment.

 

Please refer to the CIS-CAT Pro Assessor v4 User Guide section "Using a Configuration XML File" for information on the configuration XML file structure

Keywords; -D Option Command Line

Content by Label

Copyright © 2022

Center for Internet Security®