SecHard


Minimum Resource Requirements

| Requirement | Description |
|---|---|
| Platform Requirement | VMware ESXi 5.0 or above, Hyper-V |
| Operating System | Ubuntu 20.04 LTS (Ready Template) |
| Processor | 8 cores or above (up to 1000 devices) |
| Memory | 16 GB or more (up to 1000 devices) |
| Storage | 750 GB or more (up to 2500 devices) |

Recommended Resource Requirements

| Requirement | Description |
|---|---|
| Platform Requirement | VMware ESXi 5.0 or higher, Hyper-V |
| Operating System | Ubuntu 20.04 LTS (Ready Template) |
| Processor | 16 cores or above (up to 2500 devices) |
| Memory | 24 GB or more (up to 2500 devices) |
| Storage | 750 GB or more (up to 2500 devices) |

Port Access List

The ports that must be allowed for SecHard to manage network devices and retrieve information are listed below.

SecHard to Devices

| Port | Protocol | Source | Description | Module Name |
|---|---|---|---|---|
| 22 (SSH) | TCP | Network Devices - Linux Resources | Used to control network devices and Linux operating systems. | Security Hardening - Privilege Access Management |
| 53 (DNS) | UDP | Active Directory | Used for DNS name resolution. | Security Hardening |
| 88 (Kerberos) | UDP - TCP | Active Directory | Used for Kerberos communication. Must be opened towards the Domain Controller servers. | Security Hardening |
| 389 (LDAP) | TCP | Active Directory | Used for AD, RADIUS and TACACS integration. Must be opened towards the Domain Controller servers. | Zero Trust Orchestrator |
| 636 (LDAPS) | TCP | Active Directory | Used for AD, RADIUS and TACACS integration. Must be opened towards the Domain Controller servers. | Zero Trust Orchestrator |
| 123 (NTP) | UDP | Active Directory - NTP Server | Used for time synchronisation. | Security Hardening |
| 23 (Telnet) | TCP | Network Devices | Used to connect to network devices. | Privilege Access Management |
| 161 (SNMP) | UDP | Network Devices | Used to collect information from network devices. | Operations Management |
| 162 (SNMP-Trap) | UDP | Network Devices | Used for notifications from network devices. | Operations Management |
| 443 (API) | TCP | API | Used for environments with API support (virtualisation, cloud systems, etc.). | Security Hardening |
| 9100 (Node_Exporter) | TCP | Linux Resources | Used to monitor Linux operating systems. | Operations Management |
| 25 (SMTP) | TCP | Mail Server | Used for sending e-mails. | Zero Trust Orchestrator |
| Ping (echo) | ICMP | All Sources | Used for ping checks of all attached devices. | Zero Trust Orchestrator |
| 445 (SMBv3) | TCP | Windows Resources | Used to send files to and receive files from Windows operating systems. | Privilege Access Management |
| 3389 (RDP) | TCP | Windows Resources | Used for Remote Desktop connections to Windows servers. | Privilege Access Management |
| 5985 (WinRM) | TCP | Windows Resources | Used to remotely control Windows operating systems with WinRM. | Security Hardening |
| 5986 (WinRM) | TCP | Windows Resources | Used to remotely control Windows operating systems with WinRM. | Security Hardening |
| 9182 (WMI_Exporter) | TCP | Windows Resources | Used to monitor Windows operating systems. | Operations Management |
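As an added example (not part of the SecHard documentation), the script below encodes the TCP rows of the SecHard to Devices table and probes a target host so the firewall path can be confirmed before a resource is onboarded. The host names passed to it are the operator's own; the UDP and ICMP rows are left out because a TCP connect() probe cannot verify them.

```python
"""Pre-flight reachability check for the TCP rows of the "SecHard to Devices" table (added example)."""
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class PortRule:
    port: int
    source: str   # "Source" column of the table
    module: str   # "Module Name" column of the table

# TCP rows only: a UDP probe (53, 123, 161, 162) cannot tell a filtered port
# from a silent service, so those rows are verified on the firewall instead.
SECHARD_TO_DEVICES = [
    PortRule(22, "Network Devices - Linux Resources", "Security Hardening - Privilege Access Management"),
    PortRule(88, "Active Directory", "Security Hardening"),
    PortRule(389, "Active Directory", "Zero Trust Orchestrator"),
    PortRule(636, "Active Directory", "Zero Trust Orchestrator"),
    PortRule(23, "Network Devices", "Privilege Access Management"),
    PortRule(443, "API", "Security Hardening"),
    PortRule(9100, "Linux Resources", "Operations Management"),
    PortRule(25, "Mail Server", "Zero Trust Orchestrator"),
    PortRule(445, "Windows Resources", "Privilege Access Management"),
    PortRule(3389, "Windows Resources", "Privilege Access Management"),
    PortRule(5985, "Windows Resources", "Security Hardening"),
    PortRule(5986, "Windows Resources", "Security Hardening"),
    PortRule(9182, "Windows Resources", "Operations Management"),
]

def rules_for(source_group: str) -> list[PortRule]:
    """Rules whose Source cell mentions the group, e.g. 'Windows Resources'."""
    return [r for r in SECHARD_TO_DEVICES if source_group in r.source]

def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True when a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:   # refused, timed out, unresolvable or unreachable
        return False

def check_host(host: str, source_group: str, timeout: float = 2.0) -> dict[int, bool]:
    """Probe every rule that applies to the host's group; returns port -> reachable."""
    return {r.port: tcp_open(host, r.port, timeout) for r in rules_for(source_group)}

def blocked_modules(results: dict[int, bool]) -> set[str]:
    """SecHard modules affected by the ports that were found blocked."""
    by_port = {r.port: r.module for r in SECHARD_TO_DEVICES}
    return {by_port[p] for p, ok in results.items() if not ok}
```

Run it from the SecHard server itself, e.g. `blocked_modules(check_host("win-host.example", "Windows Resources"))`, so the probe follows the same path the product will use.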

Devices to SecHard

| Port | Protocol | Source | Description | Module Name |
|---|---|---|---|---|
| 49 (TACACS) | TCP | Network Devices | Used for TACACS queries. | Privilege Access Management |
| 69 (TFTP) | UDP | Network Devices | Used for firmware upgrades of network devices. | Operations Management |
| 443 (HTTPS) | TCP | Windows Resources - Linux Resources | Used for Web GUI access and for exporter installation. | Operations Management |
| 445 (SMB) | TCP | Windows Resources | Used for the patch requirements of resources. | Patch Management |
| 514 (Syslog) | UDP | Network Devices | Used for Syslog notifications from network devices. | Operations Management |
| 1645 (RADIUS) | UDP | Network Devices | Used for RADIUS authentication queries. | Privilege Access Management |
| 1646 (RADIUS) | UDP | Network Devices | Used for RADIUS accounting queries. | Privilege Access Management |

SecHard Container, Vulnerability and Exploit List Update Needs

From SecHard to the Internet

| URL | Direction | Protocol / Port | Description | Module Name |
|---|---|---|---|---|
| | SecHard -> Internet | TCP 443 | Used for container updates in SecHard. | Zero Trust Orchestrator - Security Hardening - Privilege Access Management - Operations Management - Patch Management |
| | SecHard -> Internet | TCP 443 | Used for updates of the vulnerability lists in SecHard. | Operations Management |
| | SecHard -> Internet | TCP 443 | Used to retrieve patch information for Windows operating systems. | Patch Management |
| | SecHard -> Internet | TCP 443 | Used for updates of the exploit (MITRE) lists in SecHard. | Operations Management |

Account Privilege Requirements

| Requirement | Description | Access method |
|---|---|---|
| Linux Operating System - Only Audit | A Linux user / AD user that is a member of the sudo group | SSH |
| Linux Operating System - Audit + Remediation + Rollback | A Linux user / AD user with root privileges | SSH |
| Windows Operating System (Domain member - Server / Client) - Only Audit | An AD user that is a member of the WinRM group is required (winrm configSDDL default - read + execute) | WinRM (Kerberos, NTLM, Cert) |
| Windows Operating System (Domain member - Server / Client) - Audit + Remediation + Rollback | An AD user that is a member of the local Administrators group is required | WinRM (Kerberos, NTLM, Cert) |
| Windows Operating System (Not a domain member - Server / Client) - Only Audit | A local user that is a member of the WinRM group is required (winrm configSDDL default - read + execute) | WinRM (NTLM, Basic) |
| Windows Operating System (Not a domain member - Server / Client) - Audit + Remediation + Rollback | A local user that is a member of the local Administrators group is required | WinRM (NTLM, Basic) |
| Windows Domain Controller - Only Audit | An AD user that is a member of the WinRM group is required (winrm configSDDL default - read + execute) | WinRM (Kerberos, NTLM, Cert) |
| Windows Domain Controller - Audit + Remediation + Rollback | An AD user that is a member of the Administrators / Domain Administrators group is required | WinRM (Kerberos, NTLM, Cert) |
| Network Devices - Only Audit | A user with restricted privileges such as Monitoring or Read Only User is required (on switches, the privilege to run sh run is required) | SSH |
| Network Devices - Audit + Remediation + Rollback | A user with privileges such as Admin, super_user, super_admin, sysadmin, etc. is required | SSH |
| SQL Database - Only Audit | serveradmin / a custom user with the same permissions, except for the checks listed below the table | DB Connection |
| SQL Database - Audit + Remediation + Rollback | sysadmin / Control Server / a custom user with the same permissions | DB Connection |
| MongoDB - Only Audit | dbAdmin | DB Connection |
| MongoDB - Audit + Remediation + Rollback | dbAdmin | DB Connection |
| Oracle Database - Only Audit | Audit_Admin; a thin-mode-compatible account is supported | DB Connection |
| Oracle Database - Audit + Remediation + Rollback | DBA; a thin-mode-compatible account is supported | DB Connection |
| PostgreSQL Database - Only Audit | dbuser | DB Connection |
| PostgreSQL Database - Audit + Remediation + Rollback | superuser | DB Connection |
| Other Resources - Only Audit | A user with restricted privileges such as Monitoring or Read Only User is required | Native Protocol |
| Other Resources - Audit + Remediation + Rollback | A user with privileges such as Admin, super_user, super_admin, sysadmin, root, administrator, etc. is required | Native Protocol |

Checks that the SQL Database - Only Audit account (serveradmin or equivalent) does not cover:

2.11 Ensure SQL Server is configured to use non-standard ports (Automated)

3.3 Ensure Orphaned Users are Dropped From SQL Server Databases (Automated)

3.11 Ensure the public role in the msdb database is not granted access to SQL Agent proxies (Automated)

5.3 Ensure Login Auditing is set to failed logins (Automated)

5.4 Ensure SQL Server Audit is set to capture both failed and successful logins (Automated)

7.4 Ensure Network Encryption is Configured and Enabled (Automated)

How To Enable WinRM with Domain Group Policy for PowerShell Remoting

How do I configure and troubleshoot WinRM?
