Security Basics mailing list archives
Re: CIS server configuration audit tools.
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Tue, 4 Feb 2003 16:31:27 -0500
I used the Linux version. The CIS audit tools will just report and not make any changes. In so far, I don't think that they will crash your server. Like all similar tools I have used so far, the CIS tools have to be adapted to your own organization. Don't just apply them blindly. The tool will basically give you a score from 0-10, where 10 is 'most secure'. However, it also means that no services are running on this machine, so if it is a web server, it is not functional. You basically have to decide how secure you want it. I usually end up around 8.5-9.5 for a single function server. The part I like most about the CIS benchmark is the PDF that comes with it. It includes very concise information about the different settings. Again: People probably wrote books about some of the items that are covered in a paragraph. So these notes don't cover everything. But they usually tell you enough. Essentially, you run the benchmark and it will spit out a list of 'negatives'. You look up in the PDF why it complained and decide if you want to fix this (it usually tells you how to fix it in a couple lines of shell script) -- -------------------------------------------------------------------- jullrich () euclidian com Collaborative Intrusion Detection join http://www.dshield.org
Current thread:
- CIS server configuration audit tools. Tony Lindsey (Feb 05)
- Re: CIS server configuration audit tools. Johannes Ullrich (Feb 04)