LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-02-2019, 10:37 PM   #1
nirvaanr
LQ Newbie
 
Registered: Jun 2016
Distribution: Debian 10
Posts: 26

Rep: Reputation: Disabled
Automated script for CIS CentOS Linux 7 Benchmark please


Hi,

We have a requirement to enhance our Centos 7 Servers' security as per "CIS CentOS Linux 7 Benchmark" ( https://workbench.cisecurity.org/ )
that provides guidance for establishing a secure configuration posture for CentOS Linux 7.

Just wondering if anyone has any automated script to run to configure CentOS machines as per this benchmark document? I know it's a detailed document but a script would definitely ease our task.

Thanks!
 
Old 11-03-2019, 08:06 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946
Quote:
Originally Posted by nirvaanr View Post
Hi,
We have a requirement to enhance our Centos 7 Servers' security as per "CIS CentOS Linux 7 Benchmark" ( https://workbench.cisecurity.org/ )
that provides guidance for establishing a secure configuration posture for CentOS Linux 7.

Just wondering if anyone has any automated script to run to configure CentOS machines as per this benchmark document? I know it's a detailed document but a script would definitely ease our task.
Any script someone has for their environment probably won't work for yours, since each environment/server is different. We are happy to help you, but we aren't going to write scripts for you.

Putting "centos cisecurity script" into Google pulls up a good deal, including two Github projects with audit scripts. Have you looked for any, or done any work towards your 'requirement'?
 
Old 11-03-2019, 08:49 AM   #3
nirvaanr
LQ Newbie
 
Registered: Jun 2016
Distribution: Debian 10
Posts: 26

Original Poster
Rep: Reputation: Disabled
Thanks TB0ne,

Those github projects run tests on the system to check for compliance against the CIS Benchmarks but NOT for configuring security on them. In fact they don't modify anything on the System.

I did not start any of my work but gone through most of CIS doc. Just wanted to check if someone already did it. Obviously I don't expect someone to write script specifically for me.

regards,
 
Old 11-04-2019, 06:59 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946
Quote:
Originally Posted by nirvaanr View Post
Thanks TB0ne,
Those github projects run tests on the system to check for compliance against the CIS Benchmarks but NOT for configuring security on them. In fact they don't modify anything on the System.
Right; again, there WILL NOT BE ANY scripts to modify a system, because again, each system/environment is unique. No point in 'modifying' a system to have SSH run on a different port, when that particular server doesn't even RUN SSH at all.

Those scripts looked at things; is there a reason you cannot MODIFY those scripts to do things when conditions are found?
Quote:
I did not start any of my work but gone through most of CIS doc. Just wanted to check if someone already did it. Obviously I don't expect someone to write script specifically for me.
If you haven't started, you probably should if this is part of your job. Again, we're happy to help you if you're stuck, so post what you have written/done/tried.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux matches across CIS LXer Syndicated Linux News 0 12-31-2007 01:40 PM
LXer: The CIS Linux benchmark: Security best practices for Red Hat and Fedora Core LXer Syndicated Linux News 0 02-13-2006 08:31 AM
Solaris 10 x86 CIS security scan ghouliajoolia Solaris / OpenSolaris 5 02-11-2005 10:02 AM
Edimax Cardbus CIS problem debjan Linux - Networking 0 08-17-2003 06:54 AM
Edimax Carcbus CIS problem debjan Linux - Laptop and Netbook 0 08-17-2003 06:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration