Quick Start Guide: CIS-CAT Centralized Workflow for Unix/Linux
Product Name
CIS-CAT Pro Assessor v4
Product Version
v4.x.x+
Date
Jan 17, 2024
Requirements
From CIS WorkBench download CIS-CAT Pro Assessor v4 “with “Java” to your host system. Unzip
CIS-CAT-Assessor-windows-GUI-jre-v4.37.0.zipto the/cisdirectory (note that actual version numbers will change).
Download your CIS-CAT license zip file from CIS WorkBench. If you are not sure where to get your license file, see this SecureSuite License page for CIS-CAT Pro Assessor.
A network file share (e.g., NFS, Samba) installed and target systems mounted.
Administrator access to your CIS-CAT host server.
CIS-CAT centralized workflow requires Java versions 8 or 11, which is included in the “with Java” download of Assessor v4 under the
\jrefolder.
If you are using NFS, ensure that port 2049 is open. If you are using Samba, ensure that port 445 is open.
Implementation Steps
Create a
/cisroot folder on the network file share locationCopy the latest CIS-CAT Pro Assessor v4 bundle to
/cisand extract. The structure should look like the following:/cis/AssessorDecide where assessment reports should output to and select the appropriate script to use
cis-cat-centralized.shorcis-cat-centralized-ccpd.shLocate the required scripts in the
/cis/Assessor/misc/Unix-Linuxfolder of the CIS-CAT Pro Assessor v4 bundle:cis-cat-centralized.shORcis-cat-centralized-ccpd.sh
There are some parameters in the centralized script files that users can customize, such as default Benchmarks and Profile levels. Please see the “Customize the Default Benchmark and Profiles” section of the Centralized Unix/Linux setup in the CIS-CAT Pro Assessor Configuration Guide.
Run the centralized script with the following command:
sudo ./cis-cat-centralized.sh
You may first have to run the chmod +x command to make the script executable.
Once the scan completes, the reports location will be shown and the script will exit.
Keywords; CIS-CAT Pro Assessor Linux centralized scan quick start guide
Content by Label