Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ansible-lockdown/RHEL9-CIS-Audit
Audit configurations for RHEL9 CIS
https://github.com/ansible-lockdown/RHEL9-CIS-Audit
auditing benchmark benchmark-framework cis-benchmark cis-standards compliance-as-code compliance-automation redhat redhat9 rhel9 security-audit security-auditing-tool
Last synced: about 1 month ago
JSON representation
Audit configurations for RHEL9 CIS
- Host: GitHub
- URL: https://github.com/ansible-lockdown/RHEL9-CIS-Audit
- Owner: ansible-lockdown
- License: mit
- Created: 2022-01-07T09:51:33.000Z (over 2 years ago)
- Default Branch: devel
- Last Pushed: 2024-07-26T16:07:10.000Z (about 1 month ago)
- Last Synced: 2024-07-27T17:51:31.644Z (about 1 month ago)
- Topics: auditing, benchmark, benchmark-framework, cis-benchmark, cis-standards, compliance-as-code, compliance-automation, redhat, redhat9, rhel9, security-audit, security-auditing-tool
- Language: YAML
- Homepage: https://ansible-lockdown.readthedocs.io/en/latest/
- Size: 434 KB
- Stars: 17
- Watchers: 5
- Forks: 12
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: Changelog.md
- License: LICENSE
- Security: docs/Security_remediation_and_auditing.md
Awesome Lists containing this project
README
# RHEL 9 Goss config
## Overview
based on CIS 1.0.0
Ability to audit a system using a lightweight binary to check the current state.
This is:
- very small 11MB
- lightweight
- self containedIt works using a set of configuration files and directories to audit STIG of RHEL/CentOS 7 servers. These files/directories correlate to the STIG Level and STIG_ID
Tested on
- RHEL9
- Rocky9
- AlmaLinux 9
- Oraclelinux 9## Requirements
You must have [goss](https://github.com/goss-org/goss/) available to your host you would like to test.
You must have sudo/root access to the system as some commands require privilege information.
Assuming you have already clone this repository you can run goss from where you wish.
Please refer to the audit documentation for usage.
- [readthedocs](https://ansible-lockdown.readthedocs.io/en/latest/)
This also works alongside the [Ansible Lockdown RHEL9-CIS role](https://github.com/ansible-lockdown/RHEL9-CIS)
Which will:
- install
- audit
- remediate
- audit## Join us
On our [Discord Server](https://www.lockdownenterprise.com/discord) to ask questions, discuss features, or just chat with other Ansible-Lockdown users
Set of configuration files and directories to run the first stages of CIS of RHEL 9 servers
This is configured in a directory structure level.
Goss is run based on the goss.yml file in the top level directory. This specifies the configuration.
## further information
- [goss documentation](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#patterns)
- [CIS standards](https://www.cisecurity.org)