https://github.com/ansible-lockdown/RHEL9-CIS-Audit
Automated CIS Benchmark Compliance Audit for RHEL 9 with Ansible & GOSS
Last synced: 15 days ago
- Host: GitHub
- URL: https://github.com/ansible-lockdown/RHEL9-CIS-Audit
- Owner: ansible-lockdown
- License: mit
- Created: 2022-01-07T09:51:33.000Z (over 3 years ago)
- Default Branch: devel
- Last Pushed: 2025-02-26T12:27:42.000Z (about 2 months ago)
- Last Synced: 2025-02-26T13:33:57.613Z (about 2 months ago)
- Topics: ansible, ansible-playbook, ansible-role, automation, cis, cis-benchmark, cis-compliance, cis-hardening, cis-security, configuration-management, cybersecurity, enterprise-hardening, it-compliance, linux-hardening, rhel-9-hardening, rhel-security, rhel9, secure-baseline, secure-configuration, system-hardening
- Language: YAML
- Homepage: https://www.lockdownenterprise.com
- Size: 530 KB
- Stars: 29
- Watchers: 5
- Forks: 16
- Open Issues: 8
Metadata Files:
- Readme: README.md
- Changelog: Changelog.md
- License: LICENSE
- Security: docs/Security_remediation_and_auditing.md
README
# RHEL 9 Goss config
## Overview
Based on CIS 1.0.0.
Ability to audit a system using a lightweight binary to check the current state.
This is:
- very small (11MB)
- lightweight
- self contained

It works using a set of configuration files and directories to audit STIG of RHEL/CentOS 7 servers. These files/directories correlate to the STIG Level and STIG_ID.
Tested on
- RHEL9
- Rocky9
- AlmaLinux 9
- Oraclelinux 9

## Requirements
You must have [goss](https://github.com/goss-org/goss/) available on the host you would like to test.
You must have sudo/root access to the system, as some commands require privileged information.
Assuming you have already cloned this repository, you can run goss from wherever you wish.
Please refer to the audit documentation for usage.
- [readthedocs](https://ansible-lockdown.readthedocs.io/en/latest/)
This also works alongside the [Ansible Lockdown RHEL9-CIS role](https://github.com/ansible-lockdown/RHEL9-CIS), which will:
- install
- audit
- remediate
- audit

## Join us
On our [Discord Server](https://www.lockdownenterprise.com/discord) to ask questions, discuss features, or just chat with other Ansible-Lockdown users.
This is a set of configuration files and directories to run the first stages of CIS of RHEL 9 servers.
It is configured at the directory structure level.
Goss is run based on the goss.yml file in the top level directory. This specifies the configuration.
## Further information
- [goss documentation](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#patterns)
- [CIS standards](https://www.cisecurity.org)