Terms of Use at, and that page states that "PDF versions of the CIS Benchmarks in accordance with the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License." This script is based on CIS IP and the terms are stated below. This software is still a work in progress and should not be run on production systems. cisrc is created when executing this script for the first time.

Edit this file to adjust to server specific requirements. It will however indicate what would be done if run in update mode.

A file called.

Post-script manual hardening

After the automatic script has finished, perform the following manual steps, which are recommended by CIS.

The purpose of these scripts is to harden Ubuntu and Debian Linux systems.

cis1804.sh is based on CIS Ubuntu Linux 18.04 LTS Benchmark v2.0.1 from
cis2004.sh is based on CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0 from
cisdebian.sh is based on CIS Debian Family Linux Benchmarks v1.1.0 (Draft) from

Development started out as a test project for a large Swedish tech company but is now one of my hobbies.

Executing this script without update mode (-u) will not make any changes to the operating system. The hardening logs are saved by default in /opt/remote-access-hardening-log.txt

After you have run the automatic hardening script, we recommend performing additional manual steps to complete the hardening, as described below.

sudo /snap/remote-access-cli/current/installation/harden.sh 2>&1 | tee /opt/remote-access-hardening-log.txt

Ansible executes these modules, by default over SSH, and removes them when finished. The hardening scripts are based on Ansible, which works by connecting to your nodes and pushing small programs, called Ansible modules, to them. You can download these benchmark documents from.
The hardening scripts are based on the following CIS hardening benchmarks:
CIS Ubuntu Linux 22.04 LTS Benchmark v1.1.0
CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0
CIS Ubuntu Linux 18.04 LTS Benchmark v1.0.0
CIS Red Hat Enterprise Linux 7 Benchmark_v3.1.0
CIS Red Hat Enterprise Linux 8 Benchmark v2.0.0

sudo /tmp/hardening/RHEL/RHEL7-CIS/harden.sh 2>&1 | tee /opt/remote-access-hardening-log.txt
sudo chmod +x /tmp/hardening/RHEL/RHEL7-CIS/harden.sh
/tmp/hardening/RHEL/RHEL7-CIS/defaults/main.yml
/snap/remote-access-cli/current/installation/hardening/RHEL/RHEL7-CIS/defaults/main.yml
Change the command that disables the LDAP client from rhel7cis_rule_2_3_5: true to

sudo /tmp/hardening/RHEL/RHEL8-CIS/harden.sh 2>&1 | tee /opt/remote-access-hardening-log.txt
sudo chmod +x /tmp/hardening/RHEL/RHEL8-CIS/harden.sh
Run the updated hardening script, as shown in the following example.
/tmp/hardening/RHEL/RHEL8-CIS/defaults/main.yml
/snap/remote-access-cli/current/installation/hardening/RHEL/RHEL8-CIS/defaults/main.yml
Change the command that disables the LDAP client from rhel8cis_rule_2_3_5: true to

sudo /tmp/hardening/Ubuntu/Ubuntu1804-CIS/harden.sh 2>&1 | tee /opt/remote-access-hardening-log.txt
sudo chmod +x /tmp/hardening/Ubuntu/Ubuntu1804-CIS/harden.sh
/tmp/hardening/Ubuntu/Ubuntu1804-CIS/defaults/main.yml
/snap/remote-access-cli/current/installation/hardening/Ubuntu/Ubuntu1804-CIS/defaults/main.yml
Change the command that disables the LDAP client from ubuntu1804cis_rule_2_3_5: true to

sudo /tmp/hardening/Ubuntu/Ubuntu2004-CIS/harden.sh 2>&1 | tee /opt/remote-access-hardening-log.txt
sudo chmod +x /tmp/hardening/Ubuntu/Ubuntu2004-CIS/harden.sh
/tmp/hardening/Ubuntu/Ubuntu2004-CIS/defaults/main.yml
/snap/remote-access-cli/current/installation/hardening/Ubuntu/Ubuntu2004-CIS/defaults/main.yml
Change the command that disables the LDAP client from ubtu20cis_ldap_clients_required:true to

sudo /tmp/hardening/Ubuntu/Ubuntu2204-CIS/harden.sh 2>&1 | tee /opt/remote-access-hardening-log.txt
sudo chmod +x /tmp/hardening/Ubuntu/Ubuntu2204-CIS/harden.sh
Run the updated hardening script, as shown in the following example.
/tmp/hardening/Ubuntu/Ubuntu2204-CIS/defaults/main.yml
Open the main configuration file used during hardening, as shown in the following example.
sudo cp -r /snap/remote-access-cli/current/installation/hardening /tmp
If the files under the snap directory are read-only, copy the installation folder to another location and then apply the change, as shown below:
Copy the installation folder to a different location, as shown in the following example.
/snap/remote-access-cli/current/installation/hardening/Ubuntu/Ubuntu2204-CIS/defaults/main.yml
Change the command that disables the LDAP client from ubtu22cis_ldap_clients_required:true to
Open the main configuration file used during hardening.