besides the docos and exes, there's the perl script which the binaries wrap and instructions to use that directly. see the FAQ -- http://www.cisecurity.org/bench_FAQ.html#2.4 -- "I'm concerned about running an untrusted binary on my system. Can I run the benchmark test without running the cis-scan binary?"
A:Yes. The cis-scan binary is really a simple wrapper program which has been linked against a copy of the Perl interpreter library (libperl.a) so that sites can run the tester without installing the Perl distribution. cis-scan simply runs the Perl code in the tester.sub file.
Assuming, your system already has Perl installed, you can run tester.sub directly with only minor modifications:
1.Edit the tester.sub file and locate the line which reads
sub tester {
Add an additional line above this line so that the file reads
&tester(); sub tester {
2.If Perl is not installed on the local machine as/usr/bin/perl, change the first line of tester.sub ("#!/usr/bin/perl") to use the appropriate path name.
3.Save your changes to tester.sub and exit the editor
4.Execute tester.sub directly by running/opt/CIS/tester.sub
How about the perl script it runs? If anyone bothered to prowl around the site, they'd find that the binary is a wrapper to run a perl script and that there are instructions to run the perl manually from your very own secure and audited interpreter.
Slashdot Mirror
besides the docos and exes, there's the perl script which the binaries wrap and instructions to use that directly. see the FAQ -- http://www.cisecurity.org/bench_FAQ.html#2.4 -- "I'm concerned about running an untrusted binary on my system. Can I run the benchmark test without running the cis-scan binary?"
/usr/bin/perl, change the first line of tester.sub ("#!/usr/bin/perl") to use the appropriate path name.
/opt/CIS/tester.sub
A:Yes. The cis-scan binary is really a simple wrapper program which has been linked against a copy of the Perl interpreter library (libperl.a) so that sites can run the tester without installing the Perl distribution. cis-scan simply runs the Perl code in the tester.sub file.
Assuming, your system already has Perl installed, you can run tester.sub directly with only minor modifications:
1.Edit the tester.sub file and locate the line which reads
sub tester {
Add an additional line above this line so that the file reads
&tester();
sub tester {
2.If Perl is not installed on the local machine as
3.Save your changes to tester.sub and exit the editor
4.Execute tester.sub directly by running
How about the perl script it runs? If anyone bothered to prowl around the site, they'd find that the binary is a wrapper to run a perl script and that there are instructions to run the perl manually from your very own secure and audited interpreter.