Host Management

Overview

Hosts are the Linux servers that you want to scan for CIS compliance and/or harden. Each host requires SSH access for the platform to connect and perform operations.

Navigation

Menu: Infrastructure > Hosts

Page Layout

Host List

The host list displays all registered servers with the following columns:

Column	Description
Hostname	Server hostname or friendly name
IP Address	IP address for SSH connection
SSH User	Username for SSH authentication
Credential	Associated SSH credential name and type
OS	Detected operating system (auto-detected)
Status	Connection status (online/offline/unknown)
Actions	Available operations for the host

Sorting and Pagination

Click column headers to sort
Use pagination controls at bottom to navigate
Adjust page size (20, 50, 100, 200 items per page)

Toolbar Buttons

Button	Description
Add Host	Create a new host
Check All Status	Verify SSH connectivity to all hosts
Manage Credentials	Open credentials management modal
Bulk Scan (N)	Run compliance scan on N selected hosts
Bulk Harden (N)	Apply hardening to N selected hosts
Bulk Delete (N)	Delete N selected hosts

Adding a Host

Click Add Host button
Fill in the form:
- Hostname: Server name (e.g., web-server-01)
- IP Address: Server IP (e.g., 192.168.1.100)
- SSH Port: Default is 22
- SSH User: Username for connection (e.g., root or admin)
- SSH Credential: Select from existing credentials
Click Create

The OS will be automatically detected after the host is added.

Editing a Host

Click the … (more) dropdown menu on the host row
Select Edit
Modify the fields as needed
Click Update

Deleting a Host

Click the … (more) dropdown menu on the host row
Select Delete
Confirm deletion in the dialog

Warning: Deleting a host also removes all associated scan results and job history.

Host Actions

Primary Action: Harden

Click the Harden button on any host row to start hardening:

Select a hardening profile:
- CIS Profiles:
  - CIS Level 1 - Server
  - CIS Level 2 - Server
  - CIS Level 1 - Workstation
  - CIS Level 2 - Workstation
- STIG Profiles:
  - STIG Server
  - STIG Workstation
Select priority (Lowest, Low, Normal, High, Critical)
Click Start Hardening

Dropdown Menu Actions

Click … to access additional actions:

Action	Description
Check	Verify SSH connectivity to this host
Detect OS	Re-run OS detection
Edit	Modify host details
Delete	Remove the host

Check All Status

Click Check All Status in the toolbar to verify connectivity to all hosts at once.

Bulk Operations

Select multiple hosts using checkboxes, then use bulk action buttons:

Bulk Scan

Run compliance scans on selected hosts:

Select hosts using checkboxes
Click Bulk Scan (N) button
Select a SCAP profile from the dropdown
Click Start Scans

Progress bar shows scan creation progress.

Bulk Harden

Apply hardening to selected hosts:

Select hosts using checkboxes
Click Bulk Harden (N) button
Review selected hosts in the modal
Select hardening profile (CIS or STIG)
Select priority
Click Start Hardening All

Bulk Delete

Delete multiple hosts:

Select hosts using checkboxes
Click Bulk Delete (N) button
Confirm deletion in the dialog

Credentials Management

Click Manage Credentials button to open the credentials modal.

Viewing Existing Credentials

The modal displays a table of existing credentials with:

Name
Type (password or ssh_key)
Delete action

Creating a Credential

Fill in the form at the bottom:
- Name: Descriptive name (e.g., production-key)
- Type: Password or SSH Key
- Password or Private Key: Authentication data
Click Create

Deleting a Credential

Click Delete button on the credential row
Confirm deletion

Note: Credentials used by hosts cannot be deleted until removed from those hosts.

Status Indicators

Status	Color	Meaning
online	Green	SSH connection successful
offline	Red	SSH connection failed
unknown	Gray	Not yet checked

Auto-Refresh

Host status is automatically refreshed every 30 seconds.

Supported Operating Systems

Distribution	Versions
Ubuntu	18.04, 20.04, 22.04, 24.04
Debian	11, 12
RHEL/CentOS/AlmaLinux/Rocky	7, 8, 9, 10
Oracle Linux	7, 8, 9
Amazon Linux	2, 2023
SUSE/SLES	15
Fedora	37+

Hardening Profiles

CIS Benchmarks

Profile	Description
CIS Level 1 - Server	Basic security, minimal impact on functionality
CIS Level 2 - Server	Enhanced security, may impact some features
CIS Level 1 - Workstation	Basic security for desktops
CIS Level 2 - Workstation	Enhanced security for desktops

STIG Profiles

Profile	Description
STIG Server	DISA STIG compliance for servers
STIG Workstation	DISA STIG compliance for workstations

Troubleshooting

Host Shows Offline

Verify the IP address is correct
Check SSH port (default 22)
Verify credential is valid and not expired
Check network connectivity and firewalls
Try Check action to refresh status

OS Not Detected

Ensure host is online first
Click … > Detect OS to re-run detection
Check that /etc/os-release exists on the target
Verify SSH user has read permissions

Hardening Fails

Check the Jobs page for error details and Ansible output
Verify the host is online
Ensure SSH user has sudo privileges (or is root)
Check for conflicting services or configurations

Cannot Create Host

Verify IP address format is valid
Ensure hostname is unique
Select a valid credential
Check for required fields

Best Practices

Use descriptive hostnames for easy identification
Use SSH keys instead of passwords for better security
Test connectivity (Check) before running hardening
Start with CIS Level 1 before applying Level 2
Run compliance scan before and after hardening to measure improvement
Group operations - Use bulk actions for efficiency

Compliance Scanning - Run compliance scans
Jobs - View job status and Ansible output
Hardening - Detailed hardening information
Credentials - Detailed credential management

Getting Started Jobs