CIS-CAT Pro Assessor Command line usage -D

Owned by Chris Boldiston
Last updated: Dec 19, 2023 by Allan Cornwell

Product Name

CIS-CAT Pro Assessor v4

Product Version

n/a

Date

Jul 17, 2020

Background

Options may be used on the command line and will override properties set in the assessor-cli.properties file. Utilize the -D option together with a property=value pair on the command line when you want a single scan to override defaults set in the assessor-cli.properties file.

Problem

We have seen an issue when using the Miscellaneous Option of -D to assess PostgreSQL databases. The command line assessment may fail with this error;

-- [obj:26334500] sql57_object: No description provided................. Exception in thread "main" org.postgresql.util.PSQLException: The server requires password-based authentication, but no password was specified.

Solution

In this specific example, the property=value must be enclosed in quotes so that the full jdbc command is passed to CIS-CAT. For example;

-D "xccdf_org.cisecurity_value_jdbc.url=jdbc:postgresql://127.0.0.1:5432/ciscatdb?user=ciscat&password=ciscat"

 

Copyright © 2020 Center for Internet Security® Privacy Policy