Skip to content

SaltStack formula for enforcing part of the CIS Benchmarks

License

Notifications You must be signed in to change notification settings

kartzone1/cis-benchmark-formula

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cis-benchmark-formula

A saltstack formula which enforces some of the guidelines recommended in the CIS benchmark.

Available states

Enforces the CIS Benchmark for the current platform (Currently only CentOS 7 Supported).

You will need to check the services and packages that are recommended for removal, especially if you intend to use the target host as a dhcp, dns, or openldap server.

Not all recommendations are currently implemented. This section contains a list for my own reference.

  • 1.1 Filesystem Configuration: I don't intend on supporting destructive disk operations.
  • 1.2.1: Verifying GPG key

3.6 NTP - Recommend configure via ntp formula for now. 4.3 WiFi 4.6 disabled protocols 5 Logging - Setting up remote logging is entirely up to you. 5.1.* Logging configuration 5.2 Auditing (I'll return to this) 5.3 Logrotate - Recommend using logrotate-formula for the moment. 5.2 Configure SSH - Recommend using openssh-formula to set these options. 6.3 Passwords - TODO

About

SaltStack formula for enforcing part of the CIS Benchmarks

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • SaltStack 84.1%
  • HTML 15.9%