Skip to content

Added securescan instructions #227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 30, 2025
Merged

Added securescan instructions #227

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion docs/radar/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ apt-get update
apt-get install tuxcare-radar
```

:::warning
If you do an in-place upgrade of your APT-based OS, you should change the version number in `/etc/apt/sources.list.d/tuxcare-radar.list` beforehand.
:::

## Configuration

You should have received your initial API key (something like `bc061b2b-c330-49f6-8953-849637d593ac`) along with your password.
Expand All @@ -73,6 +77,12 @@ enabled: true
apikey: FILLME
```

If you are registered to the EU instance instead of the default US one, you should also change the `base-url` like so:

```text
base-url: https://eu.radar.tuxcare.com
```

## Tagging

Tags are a powerful feature that let you easily identify and filter hosts based on tags. You can create tags to describe your environment, for example `prod`, `dev`, `staging` or the TuxCare products such as `esu`, `esa`, `kce`, or maybe location, such as `eu`, `us`, `apac`. To use tags, simply add them to /etc/tuxcare-radar/radar.yaml like so:
Expand All @@ -85,7 +95,7 @@ The next time a scan is run, the tags will appear in the asset overview.

## Firewall and Proxy Settings

TuxCare Radar requires outbound connectivity on tcp/443 (TLS) to `radar.tuxcare.com` which by default is in the US. If you need your own private instance, or can only use a certain geographical location, please discuss with your Account Manager. IPv6 or IPv4 can be used. No inbound connectivity is required, tuxcare-radar does not open any listening ports.
TuxCare Radar requires outbound connectivity on tcp/443 (TLS) to `radar.tuxcare.com` (default US instance) or `eu.radar.tuxcare.com` (EU instance). IPv6 or IPv4 can be used. No inbound connectivity is required, tuxcare-radar does not open any listening ports.

To use via a proxy, set the `https_proxy` environment variable based on your infrastructure. For running the service from cron, you can use this:

Expand Down Expand Up @@ -146,4 +156,10 @@ If you need to manually run a scan instantly for any reason, you can run:
su -s /bin/bash nobody -c "tuxcare-radar --config /etc/tuxcare-radar/radar.yaml"
```

If you would like to run a CIS benchmark compliance scan, you can run the following as root:

```text
tuxcare-radar securescan --config /etc/tuxcare-radar/radar.yaml
```

Then visit [https://radar.tuxcare.com](https://radar.tuxcare.com/) (US) or [https://eu.radar.tuxcare.com](https://eu.radar.tuxcare.com/) (EU) to view the results.