First of all, thank you for registering for Halo!
To make getting started easier, we’ve put together a post to show you how to get you up and running in our Basic Edition from your first log in – showing you how to install your daemons, perform your first server scan, and view of your scan results.
You should have received a an email when you registered for a CloudPassage account. Visit the Halo Portal and log in with the username and temporary password you received in your registration email. You’ll be prompted to change your password.
After you change your password, you will be directed to choose a default configuration policy. Select a policy based on the operating system you’re using, as a starting point (for example, CentOS Core policy). Later, when you install other major packages on your server (e.g. Apache), you will want to install supplementary policies (e.g. CentOS Apache policy) – but for now, we’re just getting started.
Now it’s time to install a Halo Daemon. Connect and log into your server via your preferred method (in the example in the video we are connecting via SSH). If you should ever need to get back to the installation instructions, just look under the servers menu and click install daemons. If you’d like to install the daemon step-by-step, the commands are available here. If you’d prefer to do it quickly, just click download script and the installation shell script will appear in a new window. Copy/paste the highlighted script into your shell and run the commands. In less than 90 seconds the Halo Daemon will start up. The daemon is installed and updated using Yum or Apt to make life easy.
Once you have installed your daemon(s) return to the Halo Portal and click on the servers tab to get to your dashboard. The servers on which you just installed a daemon are now listed and have already been scanned. If not, just refresh your screen – the scan will typically be completed in less than one minute. Next to your servers’ names you’ll see abbreviated scan results. Click on a server name to get detailed information about the results of your scan.
You will first be presented with the results of your configuration scan. The configuration issues listed here have to do with the violations of the default policy you applied to this server. If you upgrade to the pro edition, you will also see data from your past scan results displayed as sparklines. Click on any one of the rule violations to see details about the issue and remediation suggestions. From this screen you can also disable the rule within the policy. More information about configuration scanning can be found here. Click on the server name in the breadcrumbs on the top left the screen to see the results of the other scans that were performed on this server.
On this page you will see an overview of all scans performed on this one server. Below the summary of the configuration scan, you will see a summary of the software scan. Click on details to learn more.
The software scan will show you issues in the packages installed on your system. Click an any of the CVE Reference links to get more information about a vulnerability. From the software issues page you can add an exception – for example, if you’re not able to upgrade a particular package due to dependencies. An exception will prevent a vulnerability from being reported for some period of time you can specify. More information about software scanning can be found here. Click on the server name in the breadcrumbs on the top left the screen to see the results of the other scans that were performed on this server.
Below the software scan summary is the server events report summary. You can view all server events here – you won’t have any when you first start out, because you’ll have to decide what activity about which you would like to be alerted. More information on how to set up server event policies can be found here. Click on the server name in the breadcrumbs on the top left the screen to see the results of the other scans that were performed on this server.
Below the server events report summary, your Halo Firewall policy will be displayed. You can see a brief overview here of the server’s individual firewall status, which you can manage through Halo. More information about setting up and managing your firewall can be found here.
The server access scan centralizes your visibility into who has what access to your server. The scan audits the accounts on your servers and includes a lot of useful detail. If you want to, you can edit user accounts right here in the Halo interface, or you can use our REST API to do this by upgrading to Halo Pro. More information about the features that Halo Pro offers can be found here.
When you’re done with your session, log out by clicking the link on the top right of your screen. If you ever forget your password, there is a password retrieval link on the log in screen.