Merge pull request #1621 from oracle-devrel/oci-security-health-check…

…-standard-2503 Oci security health check standard 2503
oracle-devrel · Mar 7, 2025 · d40d4e1 · d40d4e1
2 parents 970be75 + f58973b
commit d40d4e1
Show file tree

Hide file tree

Showing 15 changed files with 433 additions and 109 deletions.
diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/LICENSE b/security/security-design/shared-assets/oci-security-health-check-standard/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2022-2025 Oracle and/or its affiliates.
 
 The Universal Permissive License (UPL), Version 1.0
 

diff --git a/...rity/security-design/shared-assets/oci-security-health-check-standard/README.md b/...rity/security-design/shared-assets/oci-security-health-check-standard/README.md
@@ -2,7 +2,7 @@
 
 Owner: Olaf Heimburger
 
-Version: 241206
+Version: 250307 (cis_report.py version 2.8.8) for CIS OCI Foundation Benchmark 2.0.0
 
 Reviewed: 01.02.2024
 
@@ -13,7 +13,7 @@ Reviewed: 01.02.2024
 
 ## When to use this asset?
 
-The *OCI Security Health Check - Standard Edition* checks an OCI tenancy for [CIS Oracle Cloud Infrastructure Foundations Benchmark](https://www.cisecurity.org/benchmark/Oracle_Cloud) compliance.
+The *OCI Security Health Check - Standard Edition* checks your OCI tenancy for [CIS Oracle Cloud Infrastructure Foundations Benchmark](https://www.cisecurity.org/benchmark/Oracle_Cloud) compliance.
 
 ### Disclaimer
 
@@ -28,6 +28,25 @@ The main goals of this script are:
 - Make the run as easy and smooth as possible.
 - Do not affect your desktop whenever possible.
 
+## Benefits of this package
+
+This package includes *two* files
+- standard.sh
+- scripts/cis_reports/cis_reports.py
+
+The file standard.sh acts as the entry point and does the following:
+
+- Automatic check for Python runtime version
+- Automatic venv creation and activation
+- Automatci installation of required Python libraries
+- Automatic **OCI Cloud Shell** and tenancy name detection
+- Automatic creation of timestamped output directory
+- Call of cis_reports.py
+- Automatic output archive (ZIP file) creation
+- Automatic runtime protocol
+
+Tested on **OCI Cloud Shell** with **Public network**, **Oracle Linux**, **MacOS 12** and higher.
+
 ## Complete Runtime Example
 
 See the *OCI Security Health Check - Standard Edition* in action and watch the [OCI Health Checks - Self Service video](https://www.youtube.com/watch?v=EzjKLxfxaAM).
@@ -38,22 +57,22 @@ See the *OCI Security Health Check - Standard Edition* in action and watch the [
 
 Before running the *OCI Security Health Check - Standard Edition* you should download and verify it.
 
-  - Download the latest distribution [oci-security-health-check-standard-241206.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.zip).
+  - Download the latest distribution [oci-security-health-check-standard-250307.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.zip).
   - Download the respective checksum file:
-    - [oci-security-health-check-standard-241206.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512).
-    - [oci-security-health-check-standard-241206.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512256).
+    - [oci-security-health-check-standard-250307.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.sha512).
+    - [oci-security-health-check-standard-250307.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.sha512256).
   - Verify the integrity of the distribution. Both files must be in the same directory (for example, in your downloads directory).
 
     On MacOS:
     ```
     cd <your_downloads_directory>
-    shasum -a 512256 -c oci-security-health-check-standard-241206.sha512256
+    shasum -a 512256 -c oci-security-health-check-standard-250307.sha512256
     ```
 
     On Linux (including Cloud Shell):
     ```
     cd <your_downloads_directory>
-    sha512sum -c oci-security-health-check-standard-241206.sha512
+    sha512sum -c oci-security-health-check-standard-250307.sha512
     ```
 
 **Reject the downloaded file if the check fails!**
@@ -66,10 +85,10 @@ In OCI Cloud Shell you can do a short cut without downloading the files mentione
 2. Open Cloud Shell
 3. Run these commands in your Cloud Shell:
   ```
-  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.zip
-  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512
-  sha512sum -c oci-security-health-check-standard-241206.sha512
-  unzip -q oci-security-health-check-standard-241206.zip
+  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.zip
+  wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.sha512
+  sha512sum -c oci-security-health-check-standard-250307.sha512
+  unzip -q oci-security-health-check-standard-250307.zip
   ```
 
 ## Prepare the OCI Tenancy
@@ -145,7 +164,7 @@ The *OCI Security Health Check - Standard Edition* would not be possible without
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2022-2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

diff --git a/...ssets/oci-security-health-check-standard/files/oci-security-health-check-standard/LICENSE b/...ssets/oci-security-health-check-standard/files/oci-security-health-check-standard/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2024 Oracle and/or its affiliates. 
+Copyright (c) 2022-2025 Oracle and/or its affiliates. 
 
 The Universal Permissive License (UPL), Version 1.0
 

diff --git a/...curity-health-check-standard/files/oci-security-health-check-standard/README.md b/...curity-health-check-standard/files/oci-security-health-check-standard/README.md
@@ -2,7 +2,7 @@
 
 Owner: Olaf Heimburger
 
-Version: 241206 (cis_report.py version 2.8.6)
+Version: 250307 (cis_report.py version 2.8.8) for CIS OCI Foundation Benchmark 2.0.0
 
 ## When to use this asset?
 
@@ -27,22 +27,22 @@ The main goals of this script are:
 
 Before running the *OCI Security Health Check - Standard Edition* you should download and verify it.
 
-  - Download the latest distribution [oci-security-health-check-standard-241206.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.zip).
+  - Download the latest distribution [oci-security-health-check-standard-250307.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.zip).
   - Download the respective checksum file:
-    - [oci-security-health-check-standard-241206.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512).
-    - [oci-security-health-check-standard-241206.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512256).
+    - [oci-security-health-check-standard-250307.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.sha512).
+    - [oci-security-health-check-standard-250307.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250307.sha512256).
   - Verify the integrity of the distribution. Both files must be in the same directory (for example, in your downloads directory).
 
     On MacOS:
     ```
     cd <your_downloads_directory>
-    shasum -a 512256 -c oci-security-health-check-standard-241206.sha512256
+    shasum -a 512256 -c oci-security-health-check-standard-250307.sha512256
     ```
 
     On Linux (including Cloud Shell):
     ```
     cd <your_downloads_directory>
-    sha512sum -c oci-security-health-check-standard-241206.sha512
+    sha512sum -c oci-security-health-check-standard-250307.sha512
     ```
 
 **Reject the downloaded file when the check fails!**
@@ -187,7 +187,7 @@ allow group 'Default'/'grp-auditors' to inspect vcns in compartment <compartment
   - Upload the distribution file.
   - Extract it
     ```
-    unzip -q oci-security-health-check-standard-241206.zip
+    unzip -q oci-security-health-check-standard-250307.zip
     ```
 
 #### Run the script
@@ -261,11 +261,11 @@ allow group 'Default'/'grp-auditors' to inspect vcns in compartment <compartment
       Follow the instructions to select /usr/bin/python3.9
     - Log out
 
-  - From your desktop, upload the `oci-security-health-check-standard-241206.zip` file to the Compute VM using any SFTP client.
+  - From your desktop, upload the `oci-security-health-check-standard-250307.zip` file to the Compute VM using any SFTP client.
   - Log into the Compute VM
     - Extract the distribution
       ```
-      unzip -q oci-security-health-check-standard-241206.zip
+      unzip -q oci-security-health-check-standard-250307.zip
       ```
     - Change directory into `oci-security-health-check-standard`:
       ```
@@ -337,7 +337,7 @@ The Compliance Checking Script is certified by the [CIS Center of Internet Secur
 
 # License
 
-Copyright (c) 2022-2024 Oracle and/or its affiliates.
+Copyright (c) 2022-2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

diff --git a/...ts/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt b/...ts/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt
@@ -2,7 +2,7 @@
 OCI Security Health Check - Standard Edition
 ============================================
 Owner: Olaf Heimburger
-Version: 241206 (cis_report.py version 2.8.6)
+Version: 250307 (cis_report.py version 2.8.8)  for CIS OCI Foundation Benchmark 2.0.0
 
 When to use this asset?
 
@@ -85,7 +85,7 @@ Usage
   - From the menu select the Cloud Shell item.
   - When running it the first time:
     - Upload the provided ZIP file.
-    - Extract it with unzip -q oci-security-health-check-standard-241206.zip
+    - Extract it with unzip -q oci-security-health-check-standard-250307.zip
   - Change directory into oci-security-health-check-standard
     $ cd oci-security-health-check-standard
     $ screen
@@ -142,11 +142,11 @@ Usage
     - Log out
 
   - From your desktop, upload the
-    "oci-security-health-check-standard-241206.zip" file to the Compute VM
+    "oci-security-health-check-standard-250307.zip" file to the Compute VM
     using any SFTP client.
   - Log into the Compute VM
     - Extract the distribution
-      unzip -q oci-security-health-check-standard-241206.zip
+      unzip -q oci-security-health-check-standard-250307.zip
 
     - Change directory into "oci-security-health-check-standard":
       cd oci-security-health-check-standard
@@ -215,7 +215,7 @@ The Compliance Checking Script is certified by the Center of Internet Security
 
 License
 
-Copyright (c) 2022-2024 Oracle and/or its affiliates.
+Copyright (c) 2022-2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

diff --git a/...-security-health-check-standard/files/oci-security-health-check-standard/requirements.txt b/...-security-health-check-standard/files/oci-security-health-check-standard/requirements.txt
@@ -3,7 +3,7 @@ pytz
 pandas
 openpyxl>=3.1.5
 pyyaml>=6.0
-oci>=2.129.4
+oci>=2.147.0
 requests
 matplotlib
 numpy