Server Preparation for Compliance

Windows 10

Running OpenSCAP

The OpenSCAP scanner requires Microsoft Visual C++ Redistributable to be installed.

Configuring WinRM over HTTP

To enable access via HTTP, follow these steps:

  1. Run Command Prompt as Administrator.

  2. Run the winrm qc command.

  3. If the command fails (as shown below), ensure that your network is set to Private / Domain:

    • Click the network icon in the bottom-right corner of the screen, then select Open Network & Internet Settings.

    • Switch the network type to Private in Change connection properties.

Configuring WinRM over HTTPS

To enable access via HTTPS, first complete the steps for HTTP, then run the following commands in PowerShell as Administrator:

    $ip = "192.168.137.169" # your IP might be different
    # Self-signed certificate for the listener, stored in the local machine store
    $c = New-SelfSignedCertificate -DnsName $ip `
                                   -CertStoreLocation cert:\LocalMachine\My
    # HTTPS listener bound to that certificate
    winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"$ip`";CertificateThumbprint=`"$($c.ThumbPrint)`"}"
    # Allow inbound WinRM over HTTPS (TCP 5986)
    netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow

Windows Server

Running OpenSCAP

The OpenSCAP scanner requires Microsoft Visual C++ Redistributable to be installed.

The WinRM protocol is enabled by default on Windows Server, but you need to update the rule in the firewall:

  1. Open Inbound Rules in the Windows Firewall.
  2. Locate the rule Windows Remote Management (HTTP-In).
  3. In the Scope tab, under Remote IP Address, select Any IP address.

HTTPS access for Windows Server

To configure HTTPS access, follow the same steps as for Windows 10.

Linux

To add a Linux server, you can use one of two SSH authentication methods:

  • Password-based authentication
  • SSH key-based authentication

Password-Based SSH Authentication

To enable password-based access, enter a valid password in the Password field.

SSH Key-Based Authentication

To add access using an SSH key, you must perform the following steps:

  1. Connect to the server and open a Terminal.

  2. Generate a key pair using the command:

    ssh-keygen -b 2048 -t rsa -f /tmp/compliance_key -q -N ""
    
  3. Enter the command:

    mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && vi ~/.ssh/authorized_keys
    
  4. Add the public key to the authorized_keys file:

    cat /tmp/compliance_key.pub >> ~/.ssh/authorized_keys

  5. Copy the private key using the cat /tmp/compliance_key command and paste it when connecting the server to Compliance.
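
A check for the state steps 2 to 4 should leave behind, as an added example that is not part of the original page. The function names and messages are this example's own, and the default paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: verify the state the key-based procedure should leave behind.
# Defaults are the paths used on this page; pass others to check a copy.

# Nine permission characters of a path ("rwx------"), empty if it is missing.
perm_string() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# Args: ssh directory, public key file, private key file.
# Prints one line per finding and returns the number of failed checks.
check_key_setup() {
    ssh_dir=${1:-$HOME/.ssh}
    pub=${2:-/tmp/compliance_key.pub}
    priv=${3:-/tmp/compliance_key}
    auth=$ssh_dir/authorized_keys
    fails=0

    # sshd's StrictModes (on by default) refuses key login when ~/.ssh or
    # authorized_keys is writable by group or others; step 3 sets 700 / 600.
    if [ ! -d "$ssh_dir" ] || [ "$(perm_string "$ssh_dir")" != "rwx------" ]; then
        echo "FAIL: $ssh_dir missing or not mode 700"; fails=$((fails + 1))
    fi
    if [ ! -f "$auth" ] || [ "$(perm_string "$auth")" != "rw-------" ]; then
        echo "FAIL: $auth missing or not mode 600"; fails=$((fails + 1))
    fi

    # The public key line must be present exactly once; re-running the
    # ">>" append from step 4 adds a duplicate entry.
    count=0
    if [ -s "$pub" ] && [ -f "$auth" ]; then
        count=$(grep -cxF -- "$(cat "$pub")" "$auth" || true)
    fi
    if [ "$count" -ne 1 ]; then
        echo "FAIL: public key appears $count times in $auth"; fails=$((fails + 1))
    fi

    # The private key is a login credential for as long as it sits in /tmp.
    if [ -e "$priv" ]; then
        case $(perm_string "$priv") in
            ???------) echo "NOTE: $priv still on disk, owner-only" ;;
            *) echo "FAIL: $priv readable by group or others"; fails=$((fails + 1)) ;;
        esac
    fi
    return "$fails"
}
```

Run `check_key_setup` with no arguments on the server after step 4; a non-zero exit status is the number of failed checks.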