Quick Start Guide: CIS-CAT Remote Linux Scanning From a Linux Host
Product Name
CIS-CAT Pro Assessor v4
Product Version
v4.X
Date
Aug 15, 2023
Overview
This guide shows how to perform a remote Linux scanning environment for CIS-CAT Pro Assessor from a Linux system.
Requirements
CIS-CAT Pro Assessor (CLI version without GUI)
Installation of OpenSSH server and client software
SSH access to the server (normally port 22)
A user with
sudo
privileges
Implementation Steps
Navigate to the
/Assessor/config
directory.Open the
sessions.properties
file using the text editor of your choice and go to the “Sample Remote Linux Connection” section. Uncomment the lines, as seen below in the screenshot, and input the values to connect to the remote target:
Save the file.
For details on the configuration properties for sessions.properties
, please see the following section from Assessor's Configuration Guide: https://ccpa-docs.readthedocs.io/en/latest/Configuration%20Guide/#linux-sessions.
4. Navigate back to the /Assessor
directory.
5. Run the following command (note that the Benchmark will depend on the target system):
>sudo ./Assessor-CLI.sh -b benchmarks/CIS_Ubuntu_Linux_22.04_LTS_Benchmark_v1.0.0-xccdf.xml -html
The xccdf.xml
file of the Benchmark must be used.
CIS-CAT Pro Assessor will automatically use a sessions file if configured.
You will be prompted to enter the password for the target system and the scan will start (output truncated):
Once the scan is complete, you will see an “Assessment Results Summary” along with the location of the generated HTML report:
The
/reports
directory will contain the ARF.xml and HTML reports:
Keywords; Linux remote scanning quick start guide assessor
Content by Label