{"id":170,"date":"2008-07-10T22:06:00","date_gmt":"2008-07-10T22:06:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=170"},"modified":"2020-07-02T22:07:42","modified_gmt":"2020-07-02T22:07:42","slug":"cis-benchmark-tests","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2008\/07\/cis-benchmark-tests\/","title":{"rendered":"CIS benchmark tests"},"content":{"rendered":"\n<p>We just included support in the&nbsp;<em><a href=\"http:\/\/www.ossec.net\/\">OSSEC<\/a>&nbsp;Policy monitor<\/em>&nbsp;to audit if a system is in compliance with the&nbsp;<a href=\"http:\/\/www.cisecurity.org\/\">CIS Security Benchmarks<\/a>&nbsp;(as of right now, only RHEL2-5, Fedora 1-5 and Debian\/Ubuntu are supported \u2013 the other versions will be supported soon).<\/p>\n\n\n\n<p>If you want to try it out manually and provide some feedback to us, please follow the instructions below to test:<\/p>\n\n\n\n<p>First, grab the latest CVS snapshot and compile it (it will be included in v1.6 and above):<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p># wget http:\/\/www.ossec.net\/files\/snapshots\/ossec-hids-080710.tar.gz<br># tar -zxvf ossec-hids-080710.tar.gz<br># cd ossec-hids-080710\/src\/<br># make clean<br># make libs<br># cd rootcheck<br># make binary<\/p><\/blockquote>\n\n\n\n<p>The binary&nbsp;<em>ossec-rootcheck<\/em>&nbsp;will be created in the current directory and we can start using it. A simple scan on my Ubuntu box looked like this (note that it will do all the normal rootcheck tests plus the CIS scans \u2014 just grep for CIS if you don\u2019t want to see the rest):<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p><strong># .\/ossec-rootcheck<\/strong><br>..<\/p><p>[INFO]: System Audit: CIS \u2013 Testing against the CIS Debian Linux Benchmark v1.0. File: \/proc\/sys\/kernel\/ostype. 
Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 1.4 \u2013 Robust partition scheme \u2013 \/tmp is not on its own partition. File: \/etc\/fstab. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 1.4 \u2013 Robust partition scheme \u2013 \/var is not on its own partition. File: \/etc\/fstab. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 2.3 \u2013 SSH Configuration \u2013 Root login allowed. File: \/etc\/ssh\/sshd_config. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 2.4 \u2013 System Accounting \u2013 Sysstat not enabled. File: \/etc\/default\/sysstat. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 4.18 \u2013 Disable standard boot services \u2013 Squid Enabled. File: \/etc\/init.d\/squid. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 7.2 \u2013 Removable partition \/media without \u2018nodev\u2019 set. File: \/etc\/fstab. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 7.2 \u2013 Removable partition \/media without \u2018nosuid\u2019 set. File: \/etc\/fstab. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 7.3 \u2013 User-mounted removable partition \/media. File: \/etc\/fstab. Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>[INFO]: System Audit: CIS \u2013 Debian Linux 8.8 \u2013 GRUB Password not set. File: \/boot\/grub\/menu.lst. 
Reference: http:\/\/www.ossec.net\/wiki\/index.php\/CIS_DebianLinux .<\/p><p>..<\/p><\/blockquote>\n\n\n\n<p>Anyone here using CIS (or FDCC)? As always, feedback and suggestions are welcome.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We just included support in the&nbsp;OSSEC&nbsp;Policy monitor&nbsp;to audit if a system is in compliance with the&nbsp;CIS Security Benchmarks&nbsp;(as of right now, only RHEL2-5, Fedora 1-5 and Debian\/Ubuntu are supported \u2013 the other versions will be supported soon). If you want to try it out manually and provide some feedback to us, please follow the instructions below [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5,4],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/170"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=170"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/170\/revisions"}],"predecessor-version":[{"id":171,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/170\/revisions\/171"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}