Skip to content

Server Preparation

Windows 10

Note

In order to run the OpenSCAP scanner, Microsoft Visual C++ Redistributable must be installed on the server.

WinRM HTTP

To add HTTP access, follow these steps:

  1. Run Command Prompt as administrator:

  2. Enter winrm qc command:

  3. If this command fails (as in the screenshot below), you need to change the network to Private / Domain:

    3.1 Right-click on the icon networks in the lower right corner, then - Open Network & Internet Settings:

    3.2 Change network to Private via Change connection properties:

WinRM HTTPS

To add HTTPS access, you need follow all the steps, as for the HTTP protocol (above), and run the commands in PowerShell as an administrator:

$ip="192.168.137.169" # your ip might be different
$c = New-SelfSignedCertificate -DnsName $ip `
                               -CertStoreLocation cert:\LocalMachine\My
winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"$ip`";CertificateThumbprint=`"$($c.ThumbPrint)`"}"
netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow

Windows Server

Note

In order to run the OpenSCAP scanner, Microsoft Visual C++ Redistributable must be installed on the server.

Winrm Protocol is enabled by default on Windows Servers, but you need to update one rule in firewall.

In Windows Firewall with Advanced Security for Inbound Rule you need to find a Windows Remote Management (HTTP-In) rule and in Scope select Any IP address in the Remote IP Address section.

Note

To add HTTPS access for Windows Server, follow the same steps as for Windows 10.

Linux

To add a Linux server, two types of SSH authentication can be used:

  • by Password
  • by SSH key

SSH password authentication

To add password access, enter a valid VM password in the Password field.

SSH key pair authentication

To add access using an SSH key, you must perform the following steps:

  1. Connect to the VM in any way and go to Terminal.

  2. Generate a key pair using the command:

    ssh-keygen -b 2048 -t rsa -f /tmp/compliance_key -q -N ""

  3. Enter the command:

    mkdir ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && vi ~/.ssh/authorized_keys

  4. Paste the copied key into the file:

    cat /tmp/compliance_key.pub >> ~/.ssh/authorized_keys

  5. Copy the private key using the cat /tmp/compliance_key command and paste when connecting the server to Compliance.