Minimum System Requirements
Requirement | Description |
Platform | VMware ESXi 5.0+, Hyper-V |
Operating System | Ubuntu 20.04 LTS (OVF Template) |
CPU | 8 cores (up to 1000 resources) |
Memory | 16 GB (up to 1000 resources) |
Disk Space | 750 GB or more (up to 2500 resources) |
Recommended System Requirements
Requirement | Description |
Platform | VMware ESXi 5.0+, Hyper-V |
Operating System | Ubuntu 20.04 LTS (Prepared Template) |
CPU | 16 cores or more (up to 2500 resources) |
Memory | 24 GB or more (up to 2500 resources) |
Disk Space | 750 GB or more (up to 2500 resources) |
Port Requirements
From SecHard to Resources
Port | Protocol | Description | Container Name |
22(SSH) | TCP | SSH connection to network devices and Linux OS | Console |
23(Telnet) | TCP | Telnet connection to network devices | Console |
25(SMTP) | TCP | SMTP connection to e-mail server | Agent |
53(DNS) | UDP | DNS queries to DNS server | Winrm_Api |
88(Kerberos) | UDP | Kerberos authentication for Windows Servers | Winrm_Api |
123(NTP) | UDP | NTP connection for time synchronization | All Linux Servers |
161(SNMP) | UDP | SNMP connection to get information from network devices and notification | SNMP Exporter |
162(SNMP-Trap) | UDP | SNMP connection to get information from network devices and notification | SNMP Exporter |
389(LDAP) | TCP | Used for AD, RADIUS and TACACS+ | Agent |
443(API) | TCP | Used for environments with API support such as Virtualization, Cloud Systems, etc. | Agent |
445(SMBv3) | TCP | Windows operating systems are used for file time and to receive | Agent |
636(LDAPS) | TCP | Used for AD, RADIUS and TACACS+ | Agent |
3389(RDP) | TCP | RDP connection to Windows servers | Remote Gateway Server |
5985(WinRM) | TCP | WinRM connection to remotely control Windows systems | Winrm_Api |
5986(WinRM) | TCP | WinRM connection to remotely control Windows systems | Winrm_Api |
9100(Node_Exporter) | TCP | Monitoring Linux OS | Agent |
9182(WMI_Exporter) | TCP | Monitoring Windows OS | Agent |
Ping (echo) | ICMP | ICMP connection to check systems availability | All Linux Servers |
From Resources to SecHard
Port | Protocol | Description | Container Name |
49(Tacacs) | TCP | TACACS queries for network devices | TACACS |
69(TFTP) | UDP | Updating firmware on network devices | TFTP |
443(HTTPS) | TCP | Web GUI access / Used for exporter installation | Web |
514(Syslog) | UDP | Syslog communication from network devices | Syslog |
1645(RADIUS) | UDP | RADIUS authentication (Auth) queries for network devices | RADIUS |
1646(RADIUS) | UDP | RADIUS accounting (Acc) queries for network devices | RADIUS |
From SecHard to Internet
URL | Direction | Protocol / Port | Description |
| SecHard -> Internet | TCP 443 | Used for container updates in SecHard. |
| SecHard -> Internet | TCP 443 | Used for updates of vulnerability lists in SecHard. |
https://cve.mitre.org/data/refs/refmap/source-EXPLOIT-DB.html | SecHard -> Internet | TCP 443 | Used for updates of exploit (MITRE) lists in SecHard. |
Account Authorization Requirements
Requirement | Description |
Linux OS | If Remediation / Rollback will be applied on Linux servers, an account with root (/etc/sudoers) authority is required. |
Windows OS (Domain member) | If Remediation / Rollback will be implemented on the Windows Server / Client side, an AD User who is a member of the Local Administrators group is required (AD User is mandatory for Kerberos Auth.) |
Windows OS (Not a domain member) | If Remediation / Rollback will be applied on the Windows Server / Client side, a Local User who is a member of the Local Administrators group is required (Local User is used for Basic Auth.) |
Network Devices | If Remediation / Rollback will be applied on Switch, Router, Firewall, Wireless Controller, or Load Balancer devices, a user with Priv 15 (Config Mode), admin, super_user, etc. authorization is required. |
Application | Applications require a User who is a member of the Administrators group. |
SQL Database | If SQL Database Remediation/Rollback is to be applied, the 'sysadmin' role is recommended. If it's just for auditing, the 'serveradmin' role is recommended. |
MongoDB Database | If Remediation/Rollback will be applied, the dbAdmin role should be given. If only Audit will be done, the dbadmin role should be given for operations. |
Oracle Database | Force Transaction if Remediation/Rollback will be applied. The Audit_Admin role should be given for Audit operations. |
PostgreSQL Database | Superuser if Remediation/Rollback will be applied. For Audit operations, anyone who can log in can perform Audit. |
How To Enable WinRM with Domain Group Policy for PowerShell Remoting