I am getting an error when I try and use the CIS-CAT Pro Assessor download for Linux with embedded Java


Product Name

CIS-CAT Pro Assessor

Product Version

Linux v4.27.0+

Date

Apr 13, 2023



 

Problem

After downloading the Linux bundle with JRE included and launching an Assessment over Terminal, I am getting an error stating:

“Error: Java is not in the JRE folder”

 

Solution

This download is designed for Linux ONLY operating systems and includes only shell scripts for tool operation on Linux. Centralized scripts utilize the embedded Java.

Users MUST ensure that the jre folder of the build has appropriate read and execute permissions in order for the assessment process to function. Where possible, CIS encourages Members to apply the principle of least privilege and provide Read and Execute to only the owner or owner and group.

  • An example of “least privilege” that members have found successful is setting read and execute by the owner (500) or owner and group (550) for just the jre folder is enough as that is where all the Java binaries needed for CIS-CAT execution are stored. An example command for this would be

    $ chmod -R 550 ~/mypath/Assessor/jre
  • Please Note: CIS Linux Benchmarks recommend preventing executions from partitions/file mounts /tmp or /var. Extracting CIS-CAT to those locations and setting the permission at a lower level of the jre directory will not allow execution of the program. As such, it is recommend that the CIS-CAT Pro Assessor directory be placed in a different location from partitions/file mounts such as /tmp or /var).

The embedded Java is only suitable for Linux OS, not MacOS. Please see this article if you are unable to use the MacOS with embedded Java [JRE]

https://cisecurity.atlassian.net/l/cp/wqN15nSv

Keywords; JRE Java Assessor MacOS Linux Permissions

Content by Label


Copyright © 2023

Center for Internet Security®