Skip to main content
commvault.com commvault.com
Solved

CIS Hardening scripts - usage

A
Byte
Forum|alt.badge.img+15

i am trying to run cis hardening script , 

getting below output , help please ,

 

does anyone know right procedure to run this and expected output 

 

 

Best answer by Scott Moseman

Run both of these in audit more and check the under the “Logs” folder to see what they’re doing.

python cvcishardener.py -s IIS -o audit
python cvcishardener.py -s sqlserver -o audit

C:\Temp\cis hardeningautomation> dir Logs
Directory of C:\Temp\cis hardeningautomation\Logs
08/25/2023  02:52 PM            10,126 IIS.log
08/25/2023  02:53 PM            17,096 SQLSERVER.log

I don’t have an answer to why the script doesn’t work for Tomcat on Windows.

python cvcishardener.py -s tomcat -o audit
Exception: tomcat is not supported service for Windows platform

Thanks,
Scott

View original
Did this answer your question?

5 replies

Scott Moseman
Vaulter
Forum|alt.badge.img+18


You pick a subsystem and the action.  Read the notes on Store for additional details.  Note that SQL and IIS are supported under Windows, and Tomcat under Linux.

# Usage
python cvcishardener.py [-h] [-s {sqlserver,IIS,tomcat}] [-o {audit,remedy,rollback}]

# Example
C:\Temp\cis hardeningautomation> python cvcishardener.py -s IIS -o remedy
Attempting stop…
Internet services successfully stopped
Attempting start…
Internet services successfully restarted
Reboot the system for all remedy changes to take effect.

Thanks,
Scott
 

Commvault Enterprise Success
Nikos.Kyrm
A
2 people like this
  • Nikos.Kyrm
    Nikos.Kyrm
  • A
    Ajal
A
Byte
Forum|alt.badge.img+15
  • Ajal
  • Author
  • Byte
  • 162 replies
  • August 25, 2023

@Scott Moseman  thank you so much , could you help me what are the changes , is there any report we can get ?

 

we have all in one setup in windows , so security team asking for tomcat security compliance , 

their tool is not able to access it , 

tomcat is installed in commserv as part of installation if i am not wrong , what are the basic securty measure we have in terms of tomcat appache 

what is role of this in all in one setup, 

i would appreciate if you can give a brief about this , thanks a ton again

Scott Moseman
Vaulter
Forum|alt.badge.img+18

Run both of these in audit more and check the under the “Logs” folder to see what they’re doing.

python cvcishardener.py -s IIS -o audit
python cvcishardener.py -s sqlserver -o audit

C:\Temp\cis hardeningautomation> dir Logs
Directory of C:\Temp\cis hardeningautomation\Logs
08/25/2023  02:52 PM            10,126 IIS.log
08/25/2023  02:53 PM            17,096 SQLSERVER.log

I don’t have an answer to why the script doesn’t work for Tomcat on Windows.

python cvcishardener.py -s tomcat -o audit
Exception: tomcat is not supported service for Windows platform

Thanks,
Scott

Commvault Enterprise Success
A
Byte
Forum|alt.badge.img+15
  • Ajal
  • Author
  • Byte
  • 162 replies
  • August 28, 2023

@Scott Moseman  thank you , 

 

 

Ralph
Vaulter
Forum|alt.badge.img+8
  • RalphVaulter
  • Vaulter
  • 50 replies
  • January 5, 2024

In addition for SQL Server you have to create this file:
..\SQL\resources\databaseinputs.json

An example for those who runs HDPS instead of pure Commvault:

{
  "db_credentials" : {
    "windows_authentication": true,
    "username" : "",
    "password" : "",
    "server" : "myCSname\\HDPS",
    "database" : "CommServ"
  }
}

 

Note: Yes, the double backslash is the key to get it work.

Nikos.Kyrm
1 person likes this
  • Nikos.Kyrm
    Nikos.Kyrm

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings