based on RHEL9 CIS 2.0.0
Ability to audit a system using a lightweight binary to check the current state.
Running the audit sees an Increased RAM usage, improvements seen when dropping swappiness e.g. 5. Already improved by latest kernel update 6.12.0-55.12.1 as of 19-05-25
This is:
- very small 11MB
- lightweight
- self contained
It works using a set of configuration files and directories to audit STIG of RHEL/CentOS 7 servers. These files/directories correlate to the STIG Level and STIG_ID
Tested on
- RHEL10 - Beta and GA
You must have goss available to your host you would like to test.
You must have sudo/root access to the system as some commands require privilege information.
Assuming you have already clone this repository you can run goss from where you wish.
Please refer to the audit documentation for usage.
This also works alongside the Ansible Lockdown RHEL10-CIS role
Which will:
- install
- audit
- remediate
- audit
On our Discord Server to ask questions, discuss features, or just chat with other Ansible-Lockdown users
Set of configuration files and directories to run the first stages of CIS of RHEL 9 servers
This is configured in a directory structure level.
Goss is run based on the goss.yml file in the top level directory. This specifies the configuration.