Hosting the CIS-CAT Pro Assessor bundle internally

Security Compliance Management supports a limited number of concurrent downloads of the CIS-CAT Pro Assessor to each Puppet-managed node. In lab testing, a maximum of approximately 120 concurrent downloads was achieved. For large-scale environments, hosting the CIS-CAT Pro Assessor on an internal server can help facilitate simultaneous downloading of the assessor to a large number of nodes during the installation or upgrade of SCM.

There are three separate assessor bundles: one each for Linux, Mac, and Windows. If you choose to host your CIS-CAT Pro Assessor internally, you must download the appropriate assessor bundle for your operating system.

To host the assessor file internally, complete the following steps:

1. Download the appropriate assessor bundle for your operating system. The assessor bundles are located at:
   • https://<SCM_FQDN>/files/assessor/linux
   • https://<SCM_FQDN>/files/assessor/mac
   • https://<SCM_FQDN>/files/assessor/windows
2. In the Puppet Enterprise (PE) console, click Node Groups > PE Infrastructure > PE Agent > Classes.
3. In the Add new class field, select the Security Compliance Management class.
4. In the Parameter name field, select scanner_source.
5. Set the value of the scanner source to the URL where the assessor is hosted. For example, the URL can have the following structure, where server-hosting-assessor-ip specifies the IP address of the server that hosts the assessor and os specifies either mac, linux, or windows:

   http://server-hosting-assessor-ip/assessor/os/assessor.zip

6. Commit the changes.

 

Related information

• Guidelines for running Security Compliance Management at scale