Minimum Resource Requirements:
Requirement | Description |
|---|---|
Platform Requirement | Vmware ESXi 5.0 or higher Hyper-V |
Operating System | Ubuntu 20.04 LTS (Ready Template) |
Processor | Core 8 or above (up to 1000 devices) |
Memory | 16 GB or higher (up to 1000 devices) |
Storage | 750 GB or above (up to 2500 devices) |
Recommended Resource Requirements;
Requirement | Description |
|---|---|
Platform Requirement | Vmware ESXi 5.0 or higher Hyper-V |
Operating System | Ubuntu 20.04 LTS (Ready Template) |
Processor | Core 16 or above (up to 2500 devices) |
Memory | 24 GB or higher (up to 2500 devices) |
Storage | 750 GB or above (up to 2500 devices) |
Port Access List
The list of ports that need to be allowed for SECHARD to manage its network devices and retrieve information is as follows:
From SecHard to Devices |
| ||
Port | Protocol | Description | Container Name |
22(SSH) | TCP | It is used to control network devices and Linux operating systems. | Console |
23(Telnet) | TCP | It is used to connect to network devices. | Console |
25(SMTP) | TCP | It is used for sending emails. | Agent |
53(DNS) | UDP | DNS is used for domain name resolution. | Winrm_Api |
88(Kerberos) | UDP - TCP | It is used for Kerberos communication. - It needs to be opened towards Domain Controller Servers. | Winrm_Api |
123(NTP) | UDP | It is used for time synchronization. | All Linux Servers |
161(SNMP) | UDP | It is used to gather information from network devices. | SNMP Exporter |
162(SNMP-Trap) | UDP | It is used for notifications from network devices. | SNMP Exporter |
389(LDAP) | TCP | It is used for AD, RADIUS, and TACACS integration. - It should be opened towards Domain Controller Servers. | Agent |
443(API) | TCP | It is used for environments with support for virtualization, cloud systems, etc. API. | Agent |
445(SMBv3) | TCP | It is used to send and receive files to Windows operating systems. | Agent |
636(LDAPS) | TCP | AD, RADIUS, and TACACS integration is utilized. - It needs to be opened towards Domain Controller Servers. | Agent |
3389(RDP) | TCP | Windows servers are used for remote desktop connections via Remote Desktop. | Remote Gateway Server |
5985(WinRM) | TCP | Windows operating systems are used to remotely control with WinRM. | Winrm_Api |
5986(WinRM) | TCP | Windows operating systems are used to remotely control with WinRM. | Winrm_Api |
9100(Node_Exporter) | TCP | It is used to monitor Linux operating systems. | Agent |
9182(WMI_Exporter) | TCP | It is used to monitor Windows operating systems. | Agent |
Ping (echo) | ICMP | The attached tool is used to perform ping checks on all devices. | All Linux Servers |
From Devices to SecHard |
| ||
Port | Protocol | Description | Container Name |
49(Tacacs) | TCP | It is used for TACACS query. | TACACS |
69(TFTP) | UDP | The network devices are used for Firmware Upgrade. | TFTP |
443(HTTPS) | TCP | It is used for web GUI access. | Web |
514(Syslog) | UDP | It is used for Syslog notifications coming from network devices. | Syslog |
1645(Radius) | UDP | It is used for the Radius Auth query. | RADIUS |
1646(Radius) | UDP | It is used for the Radius Acc query. | RADIUS |
Between Nodes | |
Port | Protocol |
112(VRRP) | TCP - UDP |
2377(Docker Swarm) | TCP |
7946(Docker Swarm) | TCP - UDP |
4789(Docker Swarm) | UDP |
24007(GlusterFS) | TCP - UDP |
24008(GlusterFS) | TCP - UDP |
49152(GlusterFS) | TCP - UDP |
27017(MongoDB) | TCP |
27018(MondoDB) | TCP |
27019(MongoDB) | TCP |
6379(Redis) | TCP |
26379(Redis) | TCP - UDP |
SecHard Container, Vulnerability and Exploitation List Update Needs;
From Sechard to the Internet |
| ||
URL | Direction | Protocol / Port | Description |
Sechard ->Internet | TCP 443 | The container is used for updates within Sechard. | |
Sechard ->Internet | TCP 443 | It is used to update weakness lists within Sechard. | |
Sechard ->Internet | TCP 443 | It is used to pull patch information for Windows operating systems. | |
Sechard ->Internet | TCP 443 | It is used to update the exploitation (MITRE) lists within Sechard. | |
Account Authorization Requirements;
Requirements | Description | Access method |
Linux Operating System - Only Audit | The user is a member of the sudo group in Linux / Active Directory. | SSH |
Linux İşletim Sistemi - Audit + Remediation + Rollback | A Linux user / AD user with root privileges. | SSH |
Windows Operating System (Not Domain member - Server / Client) - Only Audit | An AD User who is a member of the WinRM group is required (winrm configSDDL default - read + execute). | WinRM (Kerberos, NTLM, Cert) |
Windows Operating System (Not Domain member - Server / Client) - Audit + Remediation + Rollback | A member of the Local Administrators group is required for an AD User. | WinRM (Kerberos, NTLM, Cert) |
Windows Operating System (Not Domain member - Server / Client) - Only Audit | A Local User that is a member of the WinRM group is required (winrm configSDDL default - read + execute). | WinRM (NTLM, Basic) |
Windows Operating System (Not Domain member - Server / Client) - Audit + Remediation + Rollback | A Local User is required to be a member of the Local Administrators group | WinRM (NTLM, Basic) |
Windows Domain Controller - Only Audit | A member of the WinRM group requires an AD User (winrm configSDDL default - read + execute) | WinRM (Kerberos, NTLM, Cert) |
Windows Domain Controller - Audit + Remediation + Rollback | A member of the Administrators / Domain Administrators group requires an AD User. | WinRM (Kerberos, NTLM, Cert) |
Network Devices - Only Audit | Monitoring, Read Only User, etc. requires a user with limited permissions.(switches require permission to run sh run) | SSH |
Network Devices - Audit + Remediation + Rollback | A user with permissions such as admin, super_user, Super_admin, sysadmin etc. is required. | SSH |
SQL Database - Only Audit | serveradmin | DB Connection |
SQL Database - Audit + Remediation + Rollback | sysadmin / Control Server | DB Connection |
MondoDB Database - Only Audit | dbAdmin | DB Connection |
MondoDB Database - Audit + Remediation + Rollback | dbAdmin | DB Connection |
Oracle Database - Only Audit | Audit_Admin | DB Connection |
Oracle Database - Audit + Remediation + Rollback | DBA | DB Connection |
PostgreSQL Database - Only Audit | dbuser | DB Connection |
PostgreSQL Database - Audit + Remediation + Rollback | superuser | DB Connection |
Other Resources - Only Audit | Monitoring, Read Only User, etc. requires a user with limited permissions. | Native Protocol |
Other Resources Audit + Remediation + Rollback | A user with permissions such as admin, super_user, Super_admin, sysadmin, root, administrator, etc. is required. | Native Protocol |
How To Enable WinRM with Domain Group Policy for PowerShell Remoting
...