Welcome to the Joval Utilities
The Joval Utilities is a lightweight, standalone assessment engine that provides access to the core capabilities of the Joval Java SDK via the command line. It’s included in all Enterprise Edition and Developer Edition trials and licenses.
Please follow this guide to deploy the Joval Utilities and run your first scan. It should take about 15 minutes.
Prerequisites
In order to complete this guide, you will need:
- The Joval Utilities
- A valid license file (.xml)
If you don’t have these, please register for an evaluation.
Deploy Joval
- Create a working directory:
joval - Download the Joval Utilities (.zip) and unzip it
- Rename the unzipped folder to
Joval-Utilitiesand move it to your working directory - Copy your license file
[your-domain].sig.xmlto your working directory - Add an empty folder to your working directory:
content
Your working directory should now look like this:
joval
content
Joval-Utilities
...
Joval-Utilities.jar
User_Guide.pdf
[your-domain].sig.xmlContinue from the command line (note: reverse slashes on Windows):
cd [path-to-your-working-directory]
:: Confirm that Java is installed on this device
java -version
:: If you don't have Java, we recommend Java 8:
:: http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html
:: Confirm successful deployment by viewing command line help
java -jar Joval-Utilities/Joval-Utilities.jar -?Note: Joval supports Java 6+, but we currently recommend Java 8 because XML support is less stable in Java 9-11.
Select Scan Content
Secure Configuration Assessment
To a run secure configuration assessment, download a baseline in SCAP format as follows:
- CIS Benchmarks
- The Joval Utilities includes certified CIS Benchmarks for many common platforms. If you plan to use one of these, you can skip to Configure & Scan.
- USGCB Benchmarks
- Visit the NIST USGCB Content Repository and select a platform benchmark
- Download the USGCB SCAP content
- Unzip it and copy the .xml file to the
contentfolder in yourjovalworking directory
- STIG Benchmarks
- Download a benchmark from the DISA IASE SCAP Repository (note whether it’s under the SCAP 1.2 heading or the SCAP 1.1 heading)
- For SCAP 1.2 Content
- Unzip it and copy the .xml file to the
contentfolder in yourjovalworking directory
- Unzip it and copy the .xml file to the
- For SCAP 1.1 Content
- Copy the downloaded .zip file to the
contentfolder in yourjovalworking directory
- Copy the downloaded .zip file to the
- SCAP Security Guides for Linux
- Download the latest
scap-security-guide.[version].zipfrom the OpenSCAP Releases Page - Unzip and copy the desired
ssg-[platform]-ds.xmlfile to thecontentfolder in yourjovalworking directory
- Download the latest
Vulnerability (CVE) Assessment
To run a vulnerability (CVE) assessment, download an OS-version-specific vulnerability feed in OVAL format to the content folder in your joval working directory:
- Microsoft, Cisco IOS, Cisco IOS-XE, HP-UX: select a feed from the CIS OVAL Repository
- RHEL: select a feed from the Red Hat OVAL Repository
- Ubuntu: select a feed from the Canonical OVAL Repository
- SUSE: select a feed from the Novell OVAL Repository
- Debian: select a feed from the Debian OVAL Repository
Configure & Scan
The Joval Scan Configuration Assistant will guide you through the process of creating a scan configuration file. Continue from the command line (note: reverse slashes on Windows):
cd [path-to-your-working-directory]
:: Start the assistant and follow prompts to create your configuration file
java -Dlicense.file=[your-domain].sig.xml -jar Joval-Utilities/Joval-Utilities.jar scan
:: Then, run your scan!
java -Dlicense.file=[your-domain].sig.xml -jar Joval-Utilities/Joval-Utilities.jar scan -c config.ini
:: Review the output files and logs in the configured folders
Next Steps
- Configure & Scan using alternate scan content and targets
- Review the
User_Guide.pdfin theJoval-Utilitiesfolder for additional configuration options including:- Tailoring configuration
- Gateway & Proxy configuration
- Scan hosts file configuration
- File-less configuration via
-c - - Custom report creation
Questions? Feedback?
Please contact your account executive or reach out here!
