Solved

CIS Hardening scripts - usage

  • 25 August 2023

Userlevel 1
Badge +13

I am trying to run the CIS hardening script,

getting the below output, help please.

 

Does anyone know the right procedure to run this and the expected output?

 

 


Best answer by Scott Moseman 25 August 2023, 20:57


5 replies

Userlevel 6
Badge +18


You pick a subsystem and the action.  Read the notes on Store for additional details.  Note that SQL and IIS are supported under Windows, and Tomcat under Linux.

# Usage
python cvcishardener.py [-h] [-s {sqlserver,IIS,tomcat}] [-o {audit,remedy,rollback}]

# Example
C:\Temp\cis hardeningautomation> python cvcishardener.py -s IIS -o remedy
Attempting stop…
Internet services successfully stopped
Attempting start…
Internet services successfully restarted
Reboot the system for all remedy changes to take effect.

Thanks,
Scott
 

Userlevel 1
Badge +13

@Scott Moseman thank you so much. Could you help me with what the changes are? Is there any report we can get?

 

We have an all-in-one setup on Windows, so the security team is asking for Tomcat security compliance;

their tool is not able to access it.

Tomcat is installed on the CommServ as part of the installation, if I am not wrong. What are the basic security measures we have in terms of Tomcat Apache?

What is the role of this in an all-in-one setup?

I would appreciate it if you could give a brief about this. Thanks a ton again.

Userlevel 6
Badge +18

Run both of these in audit mode and check under the “Logs” folder to see what they’re doing.

python cvcishardener.py -s IIS -o audit
python cvcishardener.py -s sqlserver -o audit


C:\Temp\cis hardeningautomation> dir Logs
Directory of C:\Temp\cis hardeningautomation\Logs
08/25/2023  02:52 PM            10,126 IIS.log
08/25/2023  02:53 PM            17,096 SQLSERVER.log

I don’t have an answer to why the script doesn’t work for Tomcat on Windows.

python cvcishardener.py -s tomcat -o audit
Exception: tomcat is not supported service for Windows platform

Thanks,
Scott

Userlevel 1
Badge +13

@Scott Moseman thank you.

 

 

Userlevel 1
Badge +5

In addition for SQL Server you have to create this file:
..\SQL\resources\databaseinputs.json

An example for those who run HDPS instead of pure Commvault:

{
  "db_credentials" : {
    "windows_authentication": true,
    "username" : "",
    "password" : "",
    "server" : "myCSname\\HDPS",
    "database" : "CommServ"
  }
}

 

Note: Yes, the double backslash is the key to get it to work.
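Added example (not part of the original posts and not Commvault's code): a small Python helper that generates the databaseinputs.json text shown above and checks a hand-edited copy, showing why the double backslash matters. The function names and the instance name "test" are assumptions made for illustration; the key names and "myCSname\\HDPS" come from the post.

```python
import json

# Key names copied from the databaseinputs.json example in the post above.
REQUIRED_KEYS = ("windows_authentication", "username", "password", "server", "database")
# Characters a JSON parser produces from the \t \n \r \b \f escapes.
CONTROL_CHARS = "\t\n\r\b\f"


def render_db_inputs(server, database="CommServ", windows_authentication=True,
                     username="", password=""):
    """Serialize the settings; json.dumps doubles the backslash in server."""
    creds = {
        "windows_authentication": windows_authentication,
        "username": username,
        "password": password,
        "server": server,
        "database": database,
    }
    return json.dumps({"db_credentials": creds}, indent=2)


def check_db_inputs(text):
    """Return a list of problems found in the file text (empty list means OK)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    creds = doc.get("db_credentials") if isinstance(doc, dict) else None
    if not isinstance(creds, dict):
        return ["missing db_credentials object"]
    problems = [f"missing key: {key}" for key in REQUIRED_KEYS if key not in creds]
    server = creds.get("server", "")
    if isinstance(server, str) and any(ch in server for ch in CONTROL_CHARS):
        problems.append("server contains a control character: "
                        "a single backslash was parsed as an escape")
    return problems


if __name__ == "__main__":
    good = render_db_inputs("myCSname\\HDPS")   # server value from the post
    print(good)
    print(check_db_inputs(good))                 # empty list: file is fine
    # Hand-typed with one backslash: \H is not a JSON escape, so parsing fails.
    print(check_db_inputs(good.replace("\\\\", "\\")))
    # Constructed instance name "test": \t is a valid escape and becomes a tab.
    silent = render_db_inputs("myCSname\\test").replace("\\\\", "\\")
    print(check_db_inputs(silent))
```

The second case is the one to watch for: an instance name starting with t, n, r, b or f parses without error when typed with a single backslash, and the server name then silently contains a control character.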
