cis-dil-benchmark
CIS Distribution Independent Linux Benchmark - InSpec Profile
Signed-off-by: bendres97 Fixes #125 Added a check to only run tests on /etc/motd if it exists. Added additional logic to validate any motd files under /etc/update-motd.d/
**Describe the bug** We've been getting InSpec reports about the `/etc/motd` permissions from this section here: https://github.com/dev-sec/cis-dil-benchmark/blob/master/controls/1_7_warning_banners.rb#L61-L74 However in most of our VMs, we do not have an `/etc/motd` file....
**Describe the bug** Hi! We configured a workload on AWS EC2s and configured AWS SSM to run a baseline check of the EC2 AMIs using this repo. SSM failed to...
**Describe the bug** InSpec failure on Ubuntu 20.04 systems due to APT overriding permissions on `/var/log/apt` files and CIS 4.2.3: ``` ubuntu2004-ami: × cis-dil-benchmark-4.2.3: Ensure permissions on all logfiles are...
**Is your feature request related to a problem? Please describe.** cis benchmarks show false negative errors, conntrack is equivalent or better than state module for iptables. **Describe the solution you'd...
**Describe the bug** The check fails if the path does not exist ``` control 'cis-dil-benchmark-6.2.6' do title 'Ensure root PATH Integrity' ``` **Expected behavior** A directory that does not exist is not checked
**Describe the bug** I got WARN: Input 'cis_level' does not have a value, when the cis level exists in the config (see attached screen) **Expected behavior** I got scan my sshd server,...
While the CIS DIL Benchmark expects 0600 root:root permissions on all private host key files, this appears to be undesired behavior on RedHat systems where the openssh package creates ssh...
Hi Team, I am running this InSpec profile on my rhel8 and it failed like below... since the tcp_wrapper/tcpd is deprecated on Redhat8 × cis-dil-benchmark-3.4.1: Ensure TCP Wrappers is installed...
Hi Team, The cis-dil-benchmark-1.6.1.3 is checking and giving the below error. Actually it is checking for selinux config with `Policy from config file:\s+(targeted|mls)` but in RH7 it is changed to the...