The CIS Compliance Suite is a collection of scripts dedicated to improving and managing the security configurations of Ubuntu Live Servers using Uncomplicated Firewall (UFW). The suite aligns with the Center for Internet Security (CIS) guidelines for secure system configurations.
- Modularity: The project adopts a modular structure for straightforward maintenance and scalability.
- Logging: Detailed logs are generated to monitor changes made during the configuration process.
- Flexible Configuration: Users can choose from various logging options, such as overall logs, control-wise logs, and date-wise logs.
To run the CIS Compliance Suite on your Ubuntu Live Server, follow these steps:
-
Clone the repository:
git clone https://github.com/fernandonaime/debian20.04compliance.git cd debian20.04compliance -
Execute the main script with sudo:
sudo python3 tester.py
-
Follow the on-screen instructions to harden the operating system.
tester.py: Main script for executing the UFW CIS Compliance Suite.CIS_Ubuntu_Linux_20.04_LTS_Benchmark_v2.0.1-06-29-2023/:- Contains CIS benchmark guidelines with automated and manual configuration steps.
- The scripts in the suite automate certain tasks as per the CIS benchmarks.
This control ensures that the Uncomplicated Firewall (UFW) is installed on the system.
This control ensures that iptables-persistent is not installed alongside UFW.
This control ensures that the UFW service is enabled and set to start at boot.
This control ensures that UFW is configured to allow loopback traffic.
This control requires manual configuration of UFW rules for outbound connections.
This control ensures that UFW has firewall rules defined for all open ports.
This control ensures that the UFW default firewall policy is set to deny.