What Assessment configurations are supported by the "-D" option ?
Product Name
CIS-CAT Pro Assessor
Product Version
v4.16.1+
Date
Oct 3, 2022
Problem
The -D
option is used "Instead of creating a new properties file for unique assessments, individual user properties may be specified using the -D
option together with a property=value
pair. This allows an assessment to only override specific user properties when only a small number differ from the defaults." Miscellaneous Options - CIS-CAT Pro Assessor v4 User Guide
In the User Guide I noticed examples such as -D https.proxyHost=
, -D https.proxyPort=
, and -D xccdf_org.cisecurity_value_jdbc.url=
.
Does this refer to the properties in the "assessor-cli.properties", "assessor-config-sample.xml" or "session.properties" Configuration files?
Are the
-D
option only for some self-defined properties, or it does support all the properties in the 3 configuration files ?
Solution
The -D
properties allow for a couple of things:
Overriding properties in the
assessor-cli.properties
file. These are properties likehttps.proxyHost=
,-D https.proxyPort=
mentioned above.Specifying values for "interactive values". A number of benchmarks, mostly the database management system ones, contain values in them which are dependent on user input. These are called "interactive values".
When not specified in the command line or through the
assessor-cli.properties
file, the user is prompted to manually enter the interactive values at assessment time. Since this could cause issues when trying to run assessments as part of a scheduled task, users can add the value to the command line. An example is the-D xccdf_org.cisecurity_value_jdbc.url
above.
When executing assessments using the "configuration XML" file, all values on the command line are ignored (except the -cfg
argument used to specify the configuration XML file). These same user properties and/or interactive values can be specified (per assessment) within the XML, and used in the same manner as if they'd been specified on the command-line for a single assessment.
Please refer to the CIS-CAT Pro Assessor v4 User Guide section "Using a Configuration XML File" for information on the configuration XML file structure
Keywords; -D Option Command Line
Content by Label