Home page logo

basics logo Security Basics mailing list archives

Re: CIS server configuration audit tools.
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Tue, 4 Feb 2003 16:31:27 -0500

I used the Linux version. The CIS audit tools will just report and not make
any changes. In so far, I don't think that they will crash your server.

Like all similar tools I have used so far, the CIS tools have to be
adapted to your own organization. Don't just apply them blindly.

The tool will basically give you a score from 0-10, where 10 is 'most secure'.
However, it also means that no services are running on this machine, so if
it is a web server, it is not functional. You basically have to decide
how secure you want it. I usually end up around 8.5-9.5 for a single function

The part I like most about the CIS benchmark is the PDF that comes with it.
It includes very concise information about the different settings. Again:
People probably wrote books about some of the items that are covered in
a paragraph. So these notes don't cover everything. But they usually tell
you enough.

Essentially, you run the benchmark and it will spit out a list of 'negatives'.
You look up in the PDF why it complained and decide if you want to fix this
(it usually tells you how to fix it in a couple lines of shell script)

jullrich () euclidian com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]