The compliance report output by Ubuntu Security Guide. The HTML report contains the list of rules that succeeded and failed, and looks like the following screenshot. This will generate a report placed in /var/lib/usg with the results of the audit. We will audit our system using USG and that benchmark with the following command. Get Ubuntu Advantage How to audit the systemĪt the time of this writing, the corresponding CIS benchmark for Ubuntu 20.04 LTS is the “CIS Ubuntu Linux 20.04 LTS Benchmark v1.0.0”. $ sudo apt install ubuntu-advantage-tools Once the subscription is attached on your Ubuntu system, install USG with the following commands: $ sudo apt update The Ubuntu Security Guide is available with a subscription. Let us now take a deep dive into using the Ubuntu Security Guide. last but not least, you use a consistent interface across Ubuntu releases.the same experience applies whether scanning for the CIS benchmark, DISA-STIG and any other profiles made available in the future.teams can standardize on a profile by storing it in a hard-wired location, preventing the case of different people accidentally scanning or complying with different profiles or versions.you can select a specific version of the CIS benchmark, i.e., a tooling upgrade doesn’t need to break scheduled scans that target a specific benchmark version.you can customize (tailor) the CIS profile select the CIS rules to comply with.The following list summarizes the main pain points for audit and compliance workflows that are addressed by Ubuntu Security Guide. While observing how our existing CIS compliance tools were being used by auditors and administrators of Ubuntu systems, we identified several points that would improve their workflow. In the rest of this blog, we go through the major use cases such as CIS compliance, audit, and customization. The Ubuntu Security Guide is a new tool available on Ubuntu 20.04 LTS that makes automation easy and greatly improves the usability of hardening and auditing with CIS, while allowing for environment-specific customizations. Let us introduce the Ubuntu Security Guide (USG). In fact, one of the top reasons for security breaches the last few years is due to misconfigurations, according to Verizon data breach investigations. Why is that? Manual configuration of such a large number of rules leads to mistakes – mistakes that cause not only functional problems, but may also cause security breaches. Every administrator of systems that need to comply with that benchmark would wish that this process is easily usable and automatable. The CIS benchmark has hundreds of configuration recommendations, so hardening and auditing a Linux system manually can be very tedious. In submitting this form, I confirm that I have read and agree to Canonical's Privacy Notice and Privacy Policy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |