Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aquasecurity/linux-bench

Checks whether a Linux server according to security best practices as defined in the CIS Distribution-Independent Linux Benchmark
https://github.com/aquasecurity/linux-bench

linux-cis

Last synced: 3 days ago
JSON representation

Checks whether a Linux server according to security best practices as defined in the CIS Distribution-Independent Linux Benchmark

Host: GitHub
URL: https://github.com/aquasecurity/linux-bench
Owner: aquasecurity
License: apache-2.0
Created: 2019-01-27T12:47:35.000Z (almost 6 years ago)
Default Branch: main
Last Pushed: 2024-01-29T10:28:37.000Z (9 months ago)
Last Synced: 2024-08-02T02:14:27.391Z (3 months ago)
Topics: linux-cis
Language: Go
Homepage:
Size: 311 KB
Stars: 147
Watchers: 11
Forks: 55
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        [![GitHub Release][release-img]][release]

[![License][license-img]][license]

[![Coverage Status][cov-img]][cov]

[![GitHub Build Actions][build-action-img]][actions]

[![GitHub Release Actions][release-action-img]][actions]

Linux-bench is a Go application that checks whether the Linux operating system is configured securely by running the checks documented in the CIS Distribution Independent Linux Benchmark.

Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

## CIS Linux Benchmark support

linux-bench currently supports tests for benchmark version 1.1.0 only.

linux-bench will determine the test set to run on the host machine based on the following:

- **Operating system platform - ubuntu/debian/rhel/coreos**

- **Boot loader - grub/grub2**

- **System logging tool - rsyslog/syslog-ng**

- **Lsm - selinux/apparmor**

## Installation

### Installing from sources

Install [Go](https://golang.org/doc/install), then

clone this repository and run as follows (assuming your [\$GOPATH is set](https://github.com/golang/go/wiki/GOPATH)):

```shell

go get github.com/aquasecurity/linux-bench

cd $GOPATH/src/github.com/aquasecurity/linux-bench

go build -o linux-bench .

# See all supported options

./linux-bench --help

# Run checks

./linux-bench

# Run checks for specified linux cis version

./linux-bench --version 

```

# Tests

Tests are specified in definition files `cfg//definitions.yaml.`

Where `` is the version of linux cis for which the test applies.

# Contributing

We welcome PRs and issue reports.

[actions]: https://github.com/aquasecurity/linux-bench/actions

[build-action-img]: https://github.com/aquasecurity/linux-bench/workflows/build/badge.svg

[cov-img]: https://codecov.io/github/aquasecurity/linux-bench/branch/main/graph/badge.svg

[cov]: https://codecov.io/github/aquasecurity/linux-bench

[license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg

[license]: https://opensource.org/licenses/Apache-2.0

[release-img]: https://img.shields.io/github/release/aquasecurity/linux-bench.svg

[release]: https://github.com/aquasecurity/linux-bench/releases

[release-action-img]: https://github.com/aquasecurity/linux-bench/workflows/release/badge.svg