Questions tagged [cis-framework]
The cis-framework tag has no summary.
11 questions
0 votes, 3 answers, 105 views
Practical approach to CIS 16.5: "Use up-to-date ... software components"
We're a .net shop seeking to implement CIS 16.5
Use up-to-date and trusted third-party software components. When
possible, choose established and proven frameworks and libraries that
provide adequate ...
2 votes, 1 answer, 80 views
Automated auditing of device image based on CIS Hardening Image Benchmark
I recently discovered the CIS Hardening Image Benchmarks and they seem very useful for auditing the baseline image of a device. However, these CIS Benchmarks are very in-depth and are around 1,300 ...
0 votes, 1 answer, 179 views
OS/DB Hardening Checklist Drafting Process
We are looking into reviewing our organization's OS/DB hardening checklist (done by a predecessor). We're aware that there are various benchmarks out there like CIS & STIG to guide on that, and the ...
-1 votes, 1 answer, 223 views
How to configure CDN GCP bucket access privileges
We use GCP Cloud Storage and Cloud CDN to deliver some static assets (html/css/js/.jpg/.png). The buckets used to store those are public with anonymous access (i.e. allUsers in GCP terms).
On one hand ...
0 votes, 2 answers, 135 views
Would the TCP port of a VPN with access to the VPC be considered as a "Server administration port" in CIS benchmark?
I'm deploying an AWS Infrastructure that should adhere to the CIS Benchmark.
I'm trying to understand if the TCP port of the VPN server that permits access to the VPC has to be considered as a "...
1 vote, 1 answer, 1k views
Where could we get CIS Hardening Scripts for AWS EC2?
CIS has published hardening standards for all operating systems of EC2 in AWS.
CIS also provides hardened images as well but they're quite expensive at $130/year/instance.
Is there a place where we ...
1 vote, 1 answer, 2k views
CIS hardened linux vs SELinux (Security Enhanced)
What are the differences between the CIS hardened linux and SELinux (security linux)? Also, all the public cloud service providers support CIS hardened linux. Does it mean SELinux has lost the battle? ...
2 votes, 0 answers, 390 views
Why does the CIS benchmark consider the presence of passwd- a (high) risk [closed]
I've just seen a "high-risk security alert" for the presence of /etc/passwd- (note the trailing '-') on RHEL 8 servers, and don't understand the issue. Apparently the issue originates with ...
0 votes, 2 answers, 1k views
What is the practical approach for CIS Benchmark (Ensure permissions on all logfiles are configured)?
I am trying to harden RHEL with CIS benchmark. One of the items states the following:
Ensure permissions on all logfiles are configured
Description: Log files stored in /var/log/ contain logged ...
0 votes, 1 answer, 2k views
Minimum acceptable CIS compliance percentage?
How does a whole asset fail a CIS benchmark assessment?
I am using Rapid7's InsightVM tool to run CIS scans on a couple of our servers. One of them reported 68.27% compliance, while the other scored ...
0 votes, 1 answer, 2k views
Map CIS benchmark recommendation to Severity
I am using the CIS benchmark framework to audit my Linux OS, and I have received various pass/fail results. But is there any way to prioritize the fail results? Is there any severity mapping available ...