https://github.com/nozaq/amazon-linux-cis
Bootstrap script for Amazon Linux to comply with CIS Amazon Linux Benchmark v2.0.0
amazon-linux aws cis hardening security
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/nozaq/amazon-linux-cis
- Owner: nozaq
- License: mit
- Archived: true
- Created: 2017-11-22T12:26:37.000Z (about 8 years ago)
- Default Branch: main
- Last Pushed: 2022-01-01T23:02:47.000Z (about 4 years ago)
- Last Synced: 2024-11-19T21:36:02.342Z (about 1 year ago)
- Topics: amazon-linux, aws, cis, hardening, security
- Language: Python
- Size: 35.2 KB
- Stars: 58
- Watchers: 9
- Forks: 44
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
README
**This repository is no longer maintained in favor of [CIS hardened AMIs](https://www.cisecurity.org/cis-hardened-images/amazon/).**
# amazon-linux-cis
Bootstrap script for Amazon Linux to comply with [CIS Amazon Linux Benchmark v2.0.0](https://www.cisecurity.org/benchmark/amazon_linux/).
## Usage
```
$ git clone https://github.com/nozaq/amazon-linux-cis.git .
$ python ./amazon-linux-cis
```
## Available Arguments
Argument (default value) | What it does
------------ | -------------
--time (169.254.169.123) | Specify the upstream time server
--chrony *boolean* (true) | Use chrony for time synchronization
--no-backup | Automatic config backup is disabled
--clients *comma separated list* | Specify a comma separated list of hostnames and host IP addresses
-v --verbose | Enable verbose logging of utility
--disable-tcp-wrappers | Disable installation of TCP Wrappers package
--disable-pam | Disable the hardening of the PAM module
--disable-iptables | Disable the installation of iptables
--disable-mount-options | Disable replacing the default */etc/fstab* mounting config file
## Amazon Linux 2 Support
Although the differences between Amazon Linux and Amazon Linux 2 are extensive ([listed here](https://aws.amazon.com/amazon-linux-2/faqs/)), the majority of the changes to reach CIS compliance for Amazon Linux 2 are minor. The minimum command line needed to install the hardening on Amazon Linux 2 instances is:
```
python ./amazon-linux-cis --disable-mount-options
```
## Tested Environments
- Amazon Linux 2017.09
- Amazon Linux AMI 2018.03.0 (HVM)
- Amazon Linux 2 - 2017.12