CIS Benchmarking

[Charles Mckee]

Hello All,

 

I would like to know has anyone gotten OSSEC to do an audit using the CIS-Benchmarking V7 standard on Linux servers?

 

If you have how and what configs did you use?

 

Please can you let me know explicitly.

 

I thank you for your time !!

 

Respectfully Yours

Charles McKee

 

DecisivEdge, LLC

O:  302.299.1570 x432  |  C:  302.320.6968  |  F:  302.299.1578

131 Continental Dr |  Suite 409  |  Newark, DE 19713

charle...@decisivedge.com  |  www.DecisivEdge.com

 

This email and any files transmitted with it are considered privileged and confidential unless otherwise explicitly stated otherwise. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. All email data and contents may be monitored to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized use, and to verify security procedures, survivability and operational security. Under no circumstance should the user of this email have an expectation of privacy for this correspondence.

[Yana Zaeva]

Hi Charles,

You can perform audits using CIS Benchmarks by integrating with CIS-CAT. I will leave here a link with some information about it. Remember that you require CIS-CAT Pro licence. Another tool that you can make use of SCA (Security Configuration Assessment). You do not require an additional licence to make use of this one.

Hope this was helpful. Let me know if you need anything else.

Regards,

Yana.