ansible-lockdown / RHEL8-CIS-Audit

Audit configurations for RHEL8 CIS - utilising goss
MIT License
31 stars 26 forks source link
cis cis-benchmark cis-standards compliance-automation goss rhel8 rhel8-cis security security-audit security-auditing-tool security-hardening

RHEL/CentOS 8 Goss config

Overview

based on CIS 2.0.0

Ability to audit a system using a lightweight binary to check the current state.

This is:

It works using a set of configuration files and directories to audit STIG of RHEL/CentOS 7 servers. These files/directories correlate to the STIG Level and STIG_ID

Tested on

Requirements

You must have goss available to your host you would like to test.

You must have sudo/root access to the system as some commands require privilege information.

Assuming you have already clone this repository you can run goss from where you wish.

Please refer to the audit documentation for usage.

This also works alongside the Ansible Lockdown RHEL8-CIS role

Which will:

Join us

On our Discord Server to ask questions, discuss features, or just chat with other Ansible-Lockdown users

Set of configuration files and directories to run the first stages of CIS of RHEL 8 servers

This is configured in a directory structure level.

Goss is run based on the goss.yml file in the top level directory. This specifies the configuration.

further information