CIS Benchmark Scanning

Hi Team,

Can someone suggest or help me perform CIS benchmark scanning for Win10 / macOS?
Will it be possible to perform CIS benchmark scanning using InsightVM Agents?
How can we perform an authenticated scan on both assets (Win10/macOS)? Scanning using the scanner needs authenticated scans, so how can we leverage the authentication for both assets?
Kindly suggest ASAP. Thanks in advance.

Unfortunately, policy scanning is not available for the agents (yet), but it's coming :soon:

You would need to use an authenticated scan to perform policy scans, and the authentication you would use would be separate for each machine type. For Win10 you could use the CIFS service, and for the Mac I would suggest SSH.

I tried to perform the same but am getting an error for the Mac machine: java.net.ConnectException.Connection timed out.

Can someone please help, and is any documentation available for policy scans? What is the best practice to perform CIS benchmark scanning on workstations? Kindly help us ASAP. Thank you.

There is no specific documentation about policy scanning on Mac devices. We have documentation about the Policy Manager and authenticating to Mac devices.

https://docs.rapid7.com/insightvm/working-with-policy-manager-results/

The error you are receiving sounds like there is something wrong with the username/password you are using for the SSH authentication.

1 Like

@Rocker_01 In a nutshell, you need to make sure you have an account that can SSH in and that the scanner has a clear path to do the same.

TL;DR
Policy scans need to authenticate. To collect the information, the scanner needs to be able to reach the endpoint, and the endpoint needs to expose its SSH port to the scanner. The credential you enter into the Nexpose site will need to be valid and have access to the endpoint. java.net.ConnectException.Connection timed out normally means a firewall rule issue or the service not running.

Please read Authentication on Unix and related targets: best practices | Nexpose Documentation, and notice the Mac OS section. This page has the command that the scanner runs to collect basic information. Policy scans are going to collect more information and are not covered on this page. In my experience, some policy scans are also going to require sudo elevation.

Do a normal vulnerability scan. Look at the services exposed in the results. If you don't see SSH responding, work on that and unblock whatever you need to expose SSH. After you unblock that, next you want to make sure you can log on. Test outside Nexpose: can you SSH login? Test inside Nexpose: can you use the test function in a credential and make it work? If so, then you should be able to do a policy scan. Good luck.

2 Likes
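The troubleshooting sequence in the reply above (reach the endpoint, confirm sshd is exposed, confirm the credential logs in, confirm sudo works) as an added example script run from the scan engine host before the credential goes into the Nexpose/InsightVM site. This is not Rapid7's code; the user/host values, the `sudo -n` probe and the error-string matching are assumptions.

```shell
#!/usr/bin/env bash
# Pre-flight check for an authenticated (policy) scan of a macOS endpoint over
# SSH, meant to be run from the scan engine host before the credential is
# entered in the Nexpose/InsightVM site. Added example, not Rapid7 code;
# the user/host arguments and the error-string matching are assumptions.

# Map the outcome of an ssh attempt to the cause the thread describes:
# packets dropped (firewall / no path), sshd not listening (Remote Login off
# in macOS System Settings > Sharing), or a bad username/password/key.
classify_ssh_result() {
  local rc="$1" errtext="$2"
  if [ "$rc" -eq 0 ]; then
    echo "ok"
  elif printf '%s' "$errtext" | grep -qiE 'connection timed out|no route to host'; then
    echo "firewall-or-route"    # same root cause as the java.net.ConnectException in the thread
  elif printf '%s' "$errtext" | grep -qiE 'connection refused'; then
    echo "service-down"         # host reachable, nothing listening on the SSH port
  elif printf '%s' "$errtext" | grep -qiE 'permission denied|authentication failed'; then
    echo "bad-credential"       # reachable and listening; the scan credential is wrong
  else
    echo "unknown"
  fi
}

# Try the login once with the scan credential and, in the same session, probe
# whether passwordless sudo works, since some policy checks need elevation.
preflight() {
  local user="$1" host="$2" port="${3:-22}" out rc verdict
  out=$(ssh -o ConnectTimeout=10 -o NumberOfPasswordPrompts=1 -p "$port" "$user@$host" \
        'if sudo -n true 2>/dev/null; then echo SUDO_OK; else echo SUDO_MISSING; fi' 2>&1)
  rc=$?
  verdict=$(classify_ssh_result "$rc" "$out")
  echo "ssh login as $user@$host:$port -> $verdict"
  case "$out" in
    *SUDO_OK*)      echo "sudo: passwordless sudo works" ;;
    *SUDO_MISSING*) echo "sudo: not available without a password; expect some policy checks to fail" ;;
  esac
  [ "$verdict" = "ok" ]
}

# Usage: ./preflight.sh scanuser 10.0.0.5 [port]   (values are placeholders)
if [ "$#" -ge 2 ]; then
  preflight "$@"
fi
```

A "firewall-or-route" verdict matches the scanner's own timeout error and points at the network path or Remote Login being off, while "bad-credential" means the path is fine and only the credential entered in the site needs fixing.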