Developed by Ivan Ng (ngivanyh) in coordination with Hundred Plus Global Ltd.
Fixes left: 125 - 16 = 109
Scripts that ensure CIS compliance on Linux according to the CIS Linux Distribution Independent benchmark v2.0.0. Note that this project is still a work in progress and these scripts have not been tested thoroughly yet. Feel free to use them, but beware of the risks posed to the system. You were warned. A spec of the CIS Linux Distribution Independent benchmark v2.0.0 can be found here.
Each script has its own descriptive filename, which indicates the areas of the system that the script will harden. To customize, change the number values associated with the variables at the top level of the file. For most of them this simply means switching the value between 1 and 0, but some special variables do not follow that rule; they should be annotated by the comments beside them.
Here is the roadmap for this project:
- Complete ALL fixes listed in the benchmark
- Improve logging of the scripts to include colored output and separate functions for logging
- Use JSON for configuration
  - Implement the system for translating the JSON into the `variable_name=value` for shell scripts.
- Improve logic of the scripts to reduce repeated code, general code fixes
- Testing on a virtual machine to see if the desired fixes are applied
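The JSON-to-`variable_name=value` translation planned in the roadmap, sketched as an added example (not part of this project's code): keys are validated as shell variable names and string values are quoted, so the generated lines are safe to source from a hardening script. The configuration keys in the sample are hypothetical.

```python
import json
import re
import shlex

# Shell variable name: letter or underscore, then letters, digits, underscores.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def json_to_shell_vars(text):
    """Translate a flat JSON object into sourceable variable_name=value lines."""
    config = json.loads(text)
    if not isinstance(config, dict):
        raise ValueError("top level of the configuration must be a JSON object")
    lines = []
    for name, value in config.items():
        if not NAME_RE.fullmatch(name):
            # A key such as "x; reboot" would otherwise become shell syntax.
            raise ValueError(f"not a valid shell variable name: {name!r}")
        if isinstance(value, bool):
            rendered = "1" if value else "0"   # true/false map onto the 1/0 toggles
        elif isinstance(value, int):
            rendered = str(value)
        elif isinstance(value, str):
            rendered = shlex.quote(value)      # stays one literal word when sourced
        else:
            # Floats, null, lists and nested objects have no unambiguous shell form.
            raise ValueError(f"unsupported value type for {name}: {type(value).__name__}")
        lines.append(f"{name}={rendered}")
    return "\n".join(lines) + "\n"


# Constructed sample configuration; the keys are hypothetical, not the scripts' real variables.
SAMPLE = """
{
  "disable_root_login": true,
  "max_auth_tries": 4,
  "login_banner": "Authorized use only; $(id) is not run"
}
"""

if __name__ == "__main__":
    print(json_to_shell_vars(SAMPLE), end="")
```
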
Below is a table of the scripts that have been tested:

Script | Test Status | Additional Comments |
---|---|---|
ssh-fixes.sh | | |
netconfig.sh | | |
harden-files.sh | | |
filesystem-harden.sh | | |

Contributions in the form of pull requests or issues are welcome. If you are willing to contribute, please prioritize the completion of all the fixes (if your issue has something to do with that, kindly associate it with the "Finish all fixes" milestone).