Automated script for CIS CentOS Linux 7 Benchmark please
Hi,
We have a requirement to enhance our CentOS 7 servers' security as per "CIS CentOS Linux 7 Benchmark" ( https://workbench.cisecurity.org/ )
that provides guidance for establishing a secure configuration posture for CentOS Linux 7.
Just wondering if anyone has any automated script to run to configure CentOS machines as per this benchmark document? I know it's a detailed document but a script would definitely ease our task.
Quote:
Hi,
We have a requirement to enhance our CentOS 7 servers' security as per "CIS CentOS Linux 7 Benchmark" ( https://workbench.cisecurity.org/ )
that provides guidance for establishing a secure configuration posture for CentOS Linux 7.
Just wondering if anyone has any automated script to run to configure CentOS machines as per this benchmark document? I know it's a detailed document but a script would definitely ease our task.
Any script someone has for their environment probably won't work for yours, since each environment/server is different. We are happy to help you, but we aren't going to write scripts for you.
Putting "centos cisecurity script" into Google pulls up a good deal, including two GitHub projects with audit scripts. Have you looked for any, or done any work towards your 'requirement'?
Those GitHub projects run tests on the system to check for compliance against the CIS Benchmarks but NOT for configuring security on them. In fact they don't modify anything on the system.
I did not start any of my work but have gone through most of the CIS doc. Just wanted to check if someone already did it. Obviously I don't expect someone to write a script specifically for me.
Quote:
Thanks TB0ne,
Those GitHub projects run tests on the system to check for compliance against the CIS Benchmarks but NOT for configuring security on them. In fact they don't modify anything on the system.
Right; again, there WILL NOT BE ANY scripts to modify a system, because again, each system/environment is unique. No point in 'modifying' a system to have SSH run on a different port, when that particular server doesn't even RUN SSH at all.
Those scripts looked at things; is there a reason you cannot MODIFY those scripts to do things when conditions are found?
Quote:
I did not start any of my work but have gone through most of the CIS doc. Just wanted to check if someone already did it. Obviously I don't expect someone to write a script specifically for me.
If you haven't started, you probably should if this is part of your job. Again, we're happy to help you if you're stuck, so post what you have written/done/tried.
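The approach suggested in the replies above (extend an audit check so it acts when a condition is found, and skip hosts that do not run the service at all), as an added example that is not part of the original thread or of any project mentioned in it. The function name `ensure_directive`, its return codes and the choice of `PermitRootLogin no` are assumptions made for illustration and are not quoted from the benchmark; the sample config is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit one sshd_config directive, remediate only on request.
# Return codes (assumed convention): 0 compliant or fixed, 1 non-compliant,
# 2 not applicable.
ensure_directive() {
    local file="$1" key="$2" want="$3" mode="${4:-audit}" have tmp

    # Applicability check: a host without this config file does not run the
    # service, so there is nothing to harden and nothing is written.
    if [ ! -f "$file" ]; then
        echo "SKIP  $key ($file not present)"; return 2
    fi

    # sshd uses the first value it reads for a keyword, so audit the first
    # uncommented occurrence in the global section (before any Match block).
    have=$(awk -v k="$key" 'tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; exit }' "$file")

    if [ "$have" = "$want" ]; then
        echo "PASS  $key $want"; return 0
    fi
    if [ "$mode" != "apply" ]; then
        echo "FAIL  $key is '${have:-unset}', expected '$want'"; return 1
    fi

    # Remediate: keep a backup, comment out conflicting global lines and put
    # the wanted value at the top, where it wins and sits outside Match blocks.
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$want"
        awk -v k="$key" 'tolower($1) == "match" { m = 1 }
            !m && tolower($1) == tolower(k) { print "#" $0; next }
            { print }' "$file.bak"
    } > "$tmp"
    cat "$tmp" > "$file"   # overwrite in place: keeps owner, mode, SELinux label
    rm -f "$tmp"
    echo "FIXED $key $want (backup: $file.bak)"; return 0
}

# Constructed sample config, used only for this demonstration.
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin yes' \
    'Match User backup' '    PermitRootLogin no' > "$demo/sshd_config"
ensure_directive "$demo/sshd_config" PermitRootLogin no || echo "  -> rc=$?"
ensure_directive "$demo/sshd_config" PermitRootLogin no apply || echo "  -> rc=$?"
ensure_directive "$demo/absent_config" PermitRootLogin no apply || echo "  -> rc=$?"
rm -rf "$demo"
```

On a real server, run `sshd -t` against the changed configuration before reloading the service, and keep the `.bak` file until the change has been verified.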