I've done a kickstart profile which is meant to help towards meeting the CIS benchmarks: centos7-cis.ks
and a shell script to help audit whether a host meets the CIS benchmarks or not: cis-audit
Both work fine as far as I can tell. If anyone has time to review, I'd appreciate any comments or feedback. I'd be particularly interested in bug reports if anyone is kind enough to test.
They can be found at:
https://github.com/rosshamilton1/cissec
Unimportant Notes/Explanation:
I don't consider either to be the finished article. The shell script in particular is just a starting point. It's provided in its current form as someone could easily pick it up and modify it to suit their own purposes. The output could be made more useful; I haven't decided on how it should look yet.
Yep, I know it's a 1600-line shell script; usually if it was going to be 100+ lines I would use Python. However, sysadmins are the intended users. I expect most sysadmins should be comfortable looking at shell; Python may be tricky or off-putting for a significant number of people, hence bash.
The shell script is done in a way which is intended to be very easy to follow. The aim is to have a simple structure so that a user could easily modify it to suit their own environment. I realise this results in an unnecessarily lengthy script. In general I was aiming for clarity over brevity; that said, I think the functions are generally of a terse style.
kickstart + audit shell script : CIS benchmarks