Skip to content

ansible-lockdown/RHEL8-CIS-Audit

6 Branches1 Tag

Folders and files

NameName
Last commit message
Last commit date

Latest commit

uk-bollyuk-bolly
updated script to latest - to devel (#63)
Apr 23, 2024
a05bd0e · Apr 23, 2024

History

315 Commits
.github
.github
Sep 2, 2021
docs
docs
May 3, 2022
meta
meta
Mar 21, 2023
section_1
section_1
Sep 14, 2023
section_2
section_2
Oct 10, 2022
section_3
section_3
Sep 14, 2023
section_4
section_4
Sep 14, 2023
section_5
section_5
Sep 14, 2023
section_6
section_6
Sep 14, 2023
vars
vars
Jan 16, 2023
.gitattributes
.gitattributes
Nov 11, 2021
.gitignore
.gitignore
Sep 2, 2021
CONTRIBUTING.rst
CONTRIBUTING.rst
Sep 14, 2023
Changelog.md
Changelog.md
Mar 18, 2022
LICENSE
LICENSE
Sep 14, 2023
README.md
README.md
Sep 14, 2023
goss.yml
goss.yml
Sep 15, 2022
notes.md
notes.md
Dec 22, 2020
run_audit.sh
run_audit.sh
Apr 23, 2024
standalone.yml
standalone.yml
Apr 6, 2022

Repository files navigation

RHEL/CentOS 8 Goss config

Overview

based on CIS 2.0.0

Ability to audit a system using a lightweight binary to check the current state.

This is:

  • very small 11MB
  • lightweight
  • self contained

It works using a set of configuration files and directories to audit STIG of RHEL/CentOS 7 servers. These files/directories correlate to the STIG Level and STIG_ID

Tested on

  • RHEL8
  • CentOS8
  • Rocky8
  • Alma-Linux 8

Requirements

You must have goss available to your host you would like to test.

You must have sudo/root access to the system as some commands require privilege information.

Assuming you have already clone this repository you can run goss from where you wish.

Please refer to the audit documentation for usage.

This also works alongside the Ansible Lockdown RHEL8-CIS role

Which will:

  • install
  • audit
  • remediate
  • audit

Join us

On our Discord Server to ask questions, discuss features, or just chat with other Ansible-Lockdown users

Set of configuration files and directories to run the first stages of CIS of RHEL 8 servers

This is configured in a directory structure level.

Goss is run based on the goss.yml file in the top level directory. This specifies the configuration.

further information

About

Automated CIS Benchmark Compliance Audit for RHEL 8 with Ansible & GOSS

www.lockdownenterprise.com

Topics

ansible ansible-playbook cis automation ansible-role configuration-management cybersecurity system-hardening cis-benchmark linux-hardening cis-hardening rhel8 cis-security it-compliance secure-configuration secure-baseline cis-compliance enterprise-hardening rhel-security rhel-8-hardening

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

36 stars

Watchers

8 watching

Forks

31 forks
Report repository

Releases 1

v0.2 release Latest
Jun 11, 2021

Packages

No packages published

Contributors 7

Languages