Skip to main content

QuickStart

Use this QuickStart guide to explore the Baz system.

Example

This example writes different types of data to JSON files, and then tests read & verify the contents. The files are removed after the tests complete.

  1. Download the bazcli build.

    You can use the Downloads page to verify the checksum and download or use the below commands.

    Debian, Ubuntu, WSL2

    wget https://bazc.io/downloads/bazcli-0_0.1.4_amd64.deb

    RHEL

    wget https://bazc.io/downloads/bazcli-0.1.4-1.x86_64.rpm

  2. Set up bazcli package.

    Debian, Ubuntu, WSL2

    sudo apt install ./bazcli-0_0.1.4_amd64.deb

    RHEL

    sudo yum install ./bazcli-0.1.4-1.x86_64.rpm

  3. Execute the example tests from butils_json.js present under /opt/bazc/bazcli/examples/.

    /opt/bazc/bazcli/bin/bazcli test /opt/bazc/bazcli/examples/butils_json.js --output=report.csv

  4. Review the results in report.csv file.

  5. Feel like digging in? Run the above command with the verbose or logging flag(man bazcli).

    /opt/bazc/bazcli/bin/bazcli test /opt/bazc/bazcli/examples/butils_json.js --output=report.csv --verbose

Next - Verify CIS Windows 2022 Benchmark 📘

Quickly test Active Directory Group Policies against the CIS benchmark through the Active Directory test collection. For detailed information on the Baz system and collections, please see the introduction and the collection pages.

  1. Configure baz-plugins.

    sudo systemctl enable baz-plugins
    sudo systemctl start baz-plugins

  2. Clone the Baz test collection repository.

    git clone https://github.com/bazc-io/baz-test-collection.git
    cd baz-test-collection

  3. Configure Windows plugin prerequisites.

  4. Configure the actor for the Windows plugin. You can use the template file win.toml present under the config directory. The configuration fields support tokens that are explained in the tokens section.

    • Change the domain field to your AD root domain.

    • Change the username field to a username from your AD environment with the right authorizations. You can specify the user through the env token or directly, e.g., corp\freddy.

    • Change the password field to specify the user's password specified in the step above. Although the password can be specified directly or through environment tokens, we highly recommend using the secret token to specify the password.

    • Change the ca_certs field to the location of the AD CA certificate PEM file using the file token. You can export the certificate directly from the CA server in PEM(Base-64) format with the following command certutil -ca.cert ca_name.cer.

      [win]
      plugin = 'win_plugin'
      url = 'localhost:60986'

      [win.params]
      domain = 'corp.bazc.com'
      username = 'corp\freddy'
      password = 'secret://secret.ad.password'
      ca_certs = 'file:///home/freddy/shared/CA.pem'

  5. Run the test on your AD environment with the below command -

    /opt/bazc/bazcli/bin/bazcli test --actors active_directory/config/win.toml --name="CIS Windows Server 2022" --output=report.csv active_directory/

    The actors configuration - win.toml (--actors) file was configured in step 4 above.

  6. Verify the result in the generated report.csv file.