Checks whether a Linux server according to security best practices as defined in the CIS Distribution-Independent Linux Benchmark

Find a file

Yoav Hizkiahou 958fbe7666 Initialized basic bench project		2019-01-30 16:54:44 +02:00
cfg/1.1.0	Initialized basic bench project	2019-01-30 16:54:44 +02:00
app.go	Initialized basic bench project	2019-01-30 16:54:44 +02:00
app_test.go	Initialized basic bench project	2019-01-30 16:54:44 +02:00
main.go	Initialized basic bench project	2019-01-30 16:54:44 +02:00
README.md	Initialized basic bench project	2019-01-30 16:54:44 +02:00
root.go	Initialized basic bench project	2019-01-30 16:54:44 +02:00
utils.go	Initialized basic bench project	2019-01-30 16:54:44 +02:00

README.md

Linux-bench is a Go application that checks whether The linux operating system is configured securely by running the checks documented in the CIS Linux Benchmark.

Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

CIS Linux Benchmark support

linux-bench currently supports tests for multiple platforms of Linux (ubntu, rhel and debian). linux-bench will determine the test set to run based on the operating system and the boot loader running on the host machine.

Installation

Installing from sources

Intall Go, then clone this repository and run as follows (assuming your $GOPATH is set):

go get github.com/aquasecurity/linux-bench
cd $GOPATH/src/github.com/aquasecurity/linux-bench
go build -o linux-bench .

# See all supported options
./linux-bench --help

# Run checks
./linux-bench

# Run checks for specified linux cis version
./linux-bench

Tests

Tests are specified in definition files cfg/<version>/definitions.yaml. Where ` is the version of linux cis for which the test applies.

Contributing

We welcome PRs and issue reports.