despegar/check-cis

This branch is 384 commits ahead of, 1 commit behind elarrarte/check-cis:master.

CIS compliant bash script (check-cis.sh)

SCRIPT INFORMATION

AUTHOR  : Ezequiel Larrarte
DATE    : 2020-06-27
VERSION : 01

DESCRIPTION

This script runs CIS tests to determine whether a given Linux server or workstation is CIS compliant.
The script lets you create your own policy by selecting only the CIS tests you need.
You can also log the results to a file in KV log format for easy SIEM integration.
The script can easily be extended by adding the unit tests for a specific Linux distribution.
At the time of writing, only Ubuntu 18.04 CIS 2.0.1 is supported (work in progress).

EXAMPLES

Save all the CIS tests to a policy
check-cis.sh --action list > policy.conf

Edit policy.conf and remove unneeded tests

Execute a CIS test using the policy
check-cis.sh --action execute --cis-policy policy.conf

Execute those tests with workstation applicability from the policy
check-cis.sh --action execute --cis-policy policy.conf --cis-pa workstation

Execute those tests with profile level 1 from the policy
check-cis.sh --action execute --cis-policy policy.conf --cis-pl 1

Execute a specific test
check-cis.sh --action execute --cis-test 1_1_1_1 --verbose
