SecHard
2.1. System Requirements

Minimum System Requirements

| Requirement | Description |
|---|---|
| Platform | VMware ESXi 5.0+, Hyper-V |
| Operating System | Ubuntu 20.04 LTS (OVF Template) |
| CPU | 8 cores (up to 1000 resources) |
| Memory | 16 GB (up to 1000 resources) |
| Disk Space | 750 GB or more (up to 2500 resources) |

Recommended System Requirements

| Requirement | Description |
|---|---|
| Platform | VMware ESXi 5.0+, Hyper-V |
| Operating System | Ubuntu 20.04 LTS (Prepared Template) |
| CPU | 16 cores or more (up to 2500 resources) |
| Memory | 24 GB or more (up to 2500 resources) |
| Disk Space | 750 GB or more (up to 2500 resources) |
Port Requirements

From SecHard to Resources

| Port | Protocol | Description | Container Name |
|---|---|---|---|
| 22 (SSH) | TCP | SSH connection to network devices and Linux OS | Console |
| 23 (Telnet) | TCP | Telnet connection to network devices | Console |
| 25 (SMTP) | TCP | SMTP connection to e-mail server | Agent |
| 53 (DNS) | UDP | DNS queries to DNS server | Winrm_Api |
| 88 (Kerberos) | UDP | Kerberos authentication for Windows servers | Winrm_Api |
| 123 (NTP) | UDP | NTP connection for time synchronization | All Linux Servers |
| 161 (SNMP) | UDP | SNMP connection to get information from network devices and notifications | SNMP Exporter |
| 162 (SNMP-Trap) | UDP | SNMP connection to get information from network devices and notifications | SNMP Exporter |
| 389 (LDAP) | TCP | Used for AD, RADIUS and TACACS+ | Agent |
| 443 (API) | TCP | Used for environments with API support such as virtualization, cloud systems, etc. | Agent |
| 445 (SMBv3) | TCP | SMB connection to Windows operating systems for sending and receiving files | Agent |
| 636 (LDAPS) | TCP | Used for AD, RADIUS and TACACS+ | Agent |
| 3389 (RDP) | TCP | RDP connection to Windows servers | Remote Gateway Server |
| 5985 (WinRM) | TCP | WinRM connection to remotely control Windows systems | Winrm_Api |
| 5986 (WinRM) | TCP | WinRM connection to remotely control Windows systems | Winrm_Api |
| 9100 (Node_Exporter) | TCP | Monitoring Linux OS | Agent |
| 9182 (WMI_Exporter) | TCP | Monitoring Windows OS | Agent |
| Ping (echo) | ICMP | ICMP connection to check system availability | All Linux Servers |

From Resources to SecHard

| Port | Protocol | Description | Container Name |
|---|---|---|---|
| 49 (TACACS) | TCP | TACACS queries for network devices | TACACS |
| 69 (TFTP) | UDP | Updating firmware on network devices | TFTP |
| 443 (HTTPS) | TCP | Web GUI access / used for exporter installation | Web |
| 514 (Syslog) | UDP | Syslog communication from network devices | Syslog |
| 1645 (RADIUS) | UDP | RADIUS authentication queries for network devices | RADIUS |
| 1646 (RADIUS) | UDP | RADIUS accounting queries for network devices | RADIUS |

From SecHard to Internet

| URL | Direction | Protocol / Port | Description |
|---|---|---|---|
| | SecHard -> Internet | TCP 443 | Used for container updates in SecHard |
| | SecHard -> Internet | TCP 443 | Used for updates of vulnerability lists in SecHard |
| https://cve.mitre.org/data/refs/refmap/source-EXPLOIT-DB.html | SecHard -> Internet | TCP 443 | Used for updates of exploit (MITRE) lists in SecHard |
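The three tables above are the input a deployment engineer needs for a least-privilege egress policy on the appliance: only the documented ports, only towards the managed resource ranges, plus TCP 443 for updates. The following script is an added example, not SecHard's own code or tooling. It transcribes the "From SecHard to Resources" table as data, renders an nftables ruleset from it, and classifies observed outbound flows as documented or not. The resource CIDRs, the `sechard_egress` table name and the sample flow records are constructed for illustration.

```python
"""Derive an egress policy and a flow audit from the SecHard port tables.

Added example, not SecHard's own code. Resource ranges and observed flows
below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Requirement:
    """One row of the 'From SecHard to Resources' table."""
    port: int | None  # None for ICMP echo, which has no port
    proto: str        # "tcp", "udp" or "icmp"
    purpose: str


# Transcribed from the 'From SecHard to Resources' table above.
SECHARD_TO_RESOURCES = (
    Requirement(22, "tcp", "SSH to network devices and Linux OS"),
    Requirement(23, "tcp", "Telnet to network devices"),
    Requirement(25, "tcp", "SMTP to e-mail server"),
    Requirement(53, "udp", "DNS queries"),
    Requirement(88, "udp", "Kerberos authentication"),
    Requirement(123, "udp", "NTP time synchronization"),
    Requirement(161, "udp", "SNMP"),
    Requirement(162, "udp", "SNMP trap"),
    Requirement(389, "tcp", "LDAP"),
    Requirement(443, "tcp", "API (virtualization, cloud)"),
    Requirement(445, "tcp", "SMBv3 file transfer"),
    Requirement(636, "tcp", "LDAPS"),
    Requirement(3389, "tcp", "RDP"),
    Requirement(5985, "tcp", "WinRM over HTTP"),
    Requirement(5986, "tcp", "WinRM over HTTPS"),
    Requirement(9100, "tcp", "node_exporter"),
    Requirement(9182, "tcp", "wmi_exporter"),
    Requirement(None, "icmp", "echo / availability check"),
)

# From the 'From SecHard to Internet' table: TCP 443 for container and list updates.
UPDATE_PORT = 443


def ports_by_proto(reqs=SECHARD_TO_RESOURCES) -> dict[str, list[int]]:
    """Group the documented ports by transport protocol (ICMP has none)."""
    grouped: dict[str, list[int]] = {"tcp": [], "udp": []}
    for r in reqs:
        if r.port is not None:
            grouped[r.proto].append(r.port)
    return {p: sorted(set(v)) for p, v in grouped.items()}


def nft_ruleset(resource_cidrs: list[str], reqs=SECHARD_TO_RESOURCES) -> str:
    """Render an nftables ruleset: documented ports to the resource ranges,
    TCP 443 anywhere for updates, and a drop policy for every other new
    outbound connection. Return traffic is covered by the conntrack rule."""
    for cidr in resource_cidrs:
        ip_network(cidr)  # fail early on a malformed range
    grouped = ports_by_proto(reqs)
    tcp = ", ".join(str(p) for p in grouped["tcp"])
    udp = ", ".join(str(p) for p in grouped["udp"])
    elements = ", ".join(resource_cidrs)
    return "\n".join([
        "table inet sechard_egress {",
        "    set resources {",
        "        type ipv4_addr",
        "        flags interval",
        f"        elements = {{ {elements} }}",
        "    }",
        "    chain output {",
        "        type filter hook output priority 0; policy drop;",
        "        oif lo accept",
        "        ct state established,related accept",
        f"        ip daddr @resources tcp dport {{ {tcp} }} accept",
        f"        ip daddr @resources udp dport {{ {udp} }} accept",
        "        ip daddr @resources icmp type echo-request accept",
        f"        tcp dport {UPDATE_PORT} accept",
        "    }",
        "}",
    ])


def classify_flow(dst: str, proto: str, port: int | None,
                  resource_cidrs: list[str], reqs=SECHARD_TO_RESOURCES) -> str:
    """Label an outbound flow 'expected' when it is TCP 443 (updates) or when
    its destination lies in a resource range and the proto/port pair is in
    the table; anything else is 'unexpected' and worth investigating."""
    if proto == "tcp" and port == UPDATE_PORT:
        return "expected"
    addr = ip_address(dst)
    in_scope = any(addr in ip_network(c) for c in resource_cidrs)
    documented = any(r.proto == proto and r.port == port for r in reqs)
    return "expected" if in_scope and documented else "unexpected"


def audit_flows(flows, resource_cidrs):
    """Return the (dst, proto, port) tuples that the tables do not account for."""
    return [f for f in flows if classify_flow(*f, resource_cidrs) == "unexpected"]


# Constructed sample data: managed ranges and flows seen leaving the appliance.
SAMPLE_CIDRS = ["10.10.0.0/16", "192.168.50.0/24"]
SAMPLE_FLOWS = [
    ("10.10.1.20", "tcp", 5985),     # WinRM to a Windows server: documented
    ("10.10.2.5", "udp", 161),       # SNMP poll: documented
    ("192.168.50.7", "icmp", None),  # availability ping: documented
    ("10.10.1.20", "tcp", 3306),     # MySQL port: not in the table
    ("203.0.113.9", "tcp", 22),      # SSH to a host outside the resource scope
    ("203.0.113.9", "tcp", 443),     # update traffic: allowed anywhere
]

if __name__ == "__main__":
    print(nft_ruleset(SAMPLE_CIDRS))
    for flow in audit_flows(SAMPLE_FLOWS, SAMPLE_CIDRS):
        print("unexpected outbound flow:", flow)
```

The ruleset is deliberately built from the table rather than hand-written, so a later revision of the port requirements only changes the data tuple. The `audit_flows` check is the same allow-list applied in the other direction: run it over exported conntrack or flow records to spot the appliance reaching a port or range the documentation does not require.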
Account Authorization Requirements

| Requirement | Description | Access Method |
|---|---|---|
| Linux OS - Only Audit | A Linux user / AD user who is a member of the sudo group. | SSH |
| Linux OS - Audit + Remediation + Rollback | A Linux user / AD user with root privileges. | SSH |
| Windows OS (Domain Member - Server / Client) - Only Audit | An AD user who is a member of the WinRM group is required (winrm configSDDL default - read + execute). | WinRM (Kerberos, NTLM, Cert) |
| Windows OS (Domain Member - Server / Client) - Audit + Remediation + Rollback | An AD user who is a member of the Local Administrators group is required. | WinRM (Kerberos, NTLM, Cert) |
| Windows OS (Not a member of the domain - Server / Client) - Only Audit | A local user who is a member of the WinRM group is required (winrm configSDDL default - read + execute). | WinRM (NTLM, Basic) |
| Windows OS (Not a member of the domain - Server / Client) - Audit + Remediation + Rollback | A local user who is a member of the Local Administrators group is required. | WinRM (NTLM, Basic) |
| Windows Domain Controller - Only Audit | An AD user who is a member of the WinRM group is required (winrm configSDDL default - read + execute). | WinRM (Kerberos, NTLM, Cert) |
| Windows Domain Controller - Audit + Remediation + Rollback | An AD user who is a member of the Administrators / Domain Administrators group is required. | WinRM (Kerberos, NTLM, Cert) |
| Network Devices - Only Audit | A user with restricted privileges such as Monitoring, Read Only User, etc. is required. (Permission to execute 'sh run' on switches is required.) | SSH |
| Network Devices - Audit + Remediation + Rollback | An admin, super_user, super_admin, sysadmin, etc. user with the necessary privileges is required. | SSH |
| SQL Database - Only Audit | serveradmin | DB Connection |
| SQL Database - Audit + Remediation + Rollback | sysadmin / Control Server | DB Connection |
| MongoDB - Only Audit | dbAdmin | DB Connection |
| MongoDB - Audit + Remediation + Rollback | dbAdmin | DB Connection |
| Oracle Database - Only Audit | Audit_Admin | DB Connection |
| Oracle Database - Audit + Remediation + Rollback | DBA | DB Connection |
| PostgreSQL Database - Only Audit | dbuser | DB Connection |
| PostgreSQL Database - Audit + Remediation + Rollback | superuser | DB Connection |
| Other Resources - Only Audit | A user with limited privileges such as Monitoring, Read Only User, etc. is required. | Native Protocol |
| Other Resources - Audit + Remediation + Rollback | A user with privileges such as Admin, super_user, super_admin, sysadmin, root, administrator, etc. is required. | Native Protocol |
How To Enable WinRM with Domain Group Policy for PowerShell Remoting