Quick Start Guide: CIS-CAT Centralized Workflow for Unix/Linux

Owned by Amanda McGown, created
Last updated: Sept 26, 2024
2 min read

Product Name

CIS-CAT Pro Assessor v4

Product Version

v4.x.x+

Date

Jan 17, 2024

Requirements

  • Download your CIS-CAT license zip file from CIS WorkBench. If you are not sure where to get your license file, see this SecureSuite License page for CIS-CAT Pro Assessor.

  • A network file share (e.g., NFS, Samba) installed and target systems mounted.

  • Administrator access to your CIS-CAT host server.

  • CIS-CAT centralized workflow requires Java versions 8 or 11, which is included in the “with Java” download of Assessor v4 under the \jre folder.

If you are using NFS, ensure that port 2049 is open. If you are using Samba, ensure that port 445 is open.

Implementation Steps

  1. Create a /cis root folder on the network file share location

  2. Copy the latest CIS-CAT Pro Assessor v4 bundle to /cis and extract. The structure should look like the following: /cis/Assessor

  3. Decide where assessment reports should output to and select the appropriate script to use cis-cat-centralized.sh or cis-cat-centralized-ccpd.sh

  4. Locate the required scripts in the /cis/Assessor/misc/Unix-Linux folder of the CIS-CAT Pro Assessor v4 bundle: cis-cat-centralized.sh OR cis-cat-centralized-ccpd.sh

There are some parameters in the centralized script files that users can customize, such as default Benchmarks and Profile levels. Please see the “Customize the Default Benchmark and Profiles” section of the Centralized Unix/Linux setup in the CIS-CAT Pro Assessor Configuration Guide.

  1. Run the centralized script with the following command: sudo ./cis-cat-centralized.sh

You may first have to run the chmod +x command to make the script executable.

  1. Once the scan completes, the reports location will be shown and the script will exit.

Keywords; CIS-CAT Pro Assessor Linux centralized scan quick start guide

Content by Label

Copyright © 2024

Center for Internet Security®