https://github.com/nozaq/amazon-linux-cis
Bootstrap script for Amazon Linux to comply with CIS Amazon Linux Benchmark v2.0.0
amazon-linux aws cis hardening security
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/nozaq/amazon-linux-cis
- Owner: nozaq
- License: mit
- Archived: true
- Created: 2017-11-22T12:26:37.000Z (almost 7 years ago)
- Default Branch: main
- Last Pushed: 2022-01-01T23:02:47.000Z (almost 3 years ago)
- Last Synced: 2024-06-28T08:35:27.266Z (5 months ago)
- Topics: amazon-linux, aws, cis, hardening, security
- Language: Python
- Size: 35.2 KB
- Stars: 58
- Watchers: 9
- Forks: 44
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
README
**This repository is no longer maintained in favor of [CIS hardened AMIs](https://www.cisecurity.org/cis-hardened-images/amazon/).**
# amazon-linux-cis
[![CircleCI](https://circleci.com/gh/nozaq/amazon-linux-cis.svg?style=svg)](https://circleci.com/gh/nozaq/amazon-linux-cis)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/34bfe0c895814295a863a09c30437d34)](https://www.codacy.com/app/nozaq/amazon-linux-cis?utm_source=github.com&utm_medium=referral&utm_content=nozaq/amazon-linux-cis&utm_campaign=badger)

Bootstrap script for Amazon Linux to comply with [CIS Amazon Linux Benchmark v2.0.0](https://www.cisecurity.org/benchmark/amazon_linux/).
## Usage
```
$ git clone https://github.com/nozaq/amazon-linux-cis.git .
$ python ./amazon-linux-cis
```

## Available Arguments

Argument (default value) | What it does
------------ | -------------
--time (169.254.169.123) | Specify the upstream time server
--chrony *boolean* (true) | Use chrony for time synchronization
--no-backup | Automatic config backup is disabled
--clients *comma separated list* | Specify a comma separated list of hostnames and host IP addresses
-v --verbose | Enable verbose logging of utility
--disable-tcp-wrappers | Disable installation of TCP Wrappers package
--disable-pam | Disable the hardening of the PAM module
--disable-iptables | Disable the installation of IPtables
--disable-mount-options | Disable replacing the default */etc/fstab* mounting config file

## Amazon Linux 2 Support
Although the differences between Amazon Linux and Amazon Linux 2 are extensive ([listed here](https://aws.amazon.com/amazon-linux-2/faqs/)), the majority of the changes to reach CIS compliance for Amazon Linux 2 are minor. Here's the minimum required command line needed to install the hardening on Amazon Linux 2 instances.

```
python ./amazon-linux-cis --disable-mount-options
```

## Tested Environments
- Amazon Linux 2017.09
- Amazon Linux AMI 2018.03.0 (HVM)
- Amazon Linux 2 - 2017.12