Info

The Linux Build Kit contains a set of functions used to remediate a Linux system in accordance with the guidance in the corresponding Benchmark.

Requirements

  • As a SecureSuite member, you can download CIS Build Kits from CIS WorkBench.

  • Please ensure that the Build Kit is fully validated in your testing environment before running it on a production system.

Warning

Applying the Build Kit to a system without proper testing and review may result in a negative impact within your environment.

Implementation Steps

Note

This quick start guide demonstrates the application of the Ubuntu 20.04 Build Kit version 1.0.0. However, these steps can be used as a general guide for applying any CIS Linux Build Kit.

  1. Download the Build Kit from CIS WorkBench to a directory in which you have the permissions needed to execute sudo commands

  2. Decompress and extract the Build Kit archive
    sudo tar xvfz /home/support/cis-lbk_ubuntu2004_bmv1.0.0.tar.gz

  3. Make the installation shell script executable
    sudo chmod 500 /home/support/CIS-LBK/UBUNTU2004_LBK/UBUNTU2004_LBK.sh

  4. Execute the script as root
    /home/support/CIS-LBK/UBUNTU2004_LBK/UBUNTU2004_LBK.sh

  5. When prompted, select the appropriate CIS Benchmark Profile

  6. Depending on the packages installed on your Unix/Linux system, you may be prompted for additional options; select the appropriate field(s) for your environment

  7. Linux Build Kits have environment-specific settings that cannot be scripted. Ensure that you check the CIS-LBK_manual.log file and complete those manual configurations.

    1. Once the Linux/Unix Build Kit has been run, it writes the list of manual Recommendations to the CIS-LBK_manual.log file under /logs/[date]/

  8. If your environment requires it, you may need to exclude specific recommendations from being applied

  9. A final reboot is generally required for some of the settings to be implemented

  10. Test the system’s functionality before applying the Level 2 hardening

  11. Test the system before moving the system to a Production environment
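
The checks around steps 2, 3 and 7, written as an added shell example (it is not part of the CIS Build Kit or of the original guide). The function names are hypothetical, and the last function assumes the kit's logs directory holds one sub-directory per run, as the logs/[date]/ path suggests.

```sh
#!/bin/sh
# Added example; not part of the CIS Build Kit. Function names are hypothetical.

# True only for a relative member name that has no ".." path component.
lbk_member_safe() {
    case "/$1/" in
        //*|*/../*) return 1 ;;
    esac
    return 0
}

# Before step 2: list the archive without extracting it. Returns 2 if it cannot
# be read or is empty, 1 if any member would land outside the extraction directory.
lbk_archive_safe() {
    lbk_names=$(tar -tzf "$1") || return 2
    [ -n "$lbk_names" ] || return 2
    while IFS= read -r lbk_member; do
        lbk_member_safe "$lbk_member" || {
            printf 'unsafe member: %s\n' "$lbk_member" >&2
            return 1
        }
    done <<LBK_EOF
$lbk_names
LBK_EOF
}

# After step 3: the script is a regular file (not a symlink) with mode 500.
lbk_script_mode_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "-r-x------" ]
}

# Step 7: print the most recently modified CIS-LBK_manual.log.
# Assumption: $1 is the kit's logs directory, with one sub-directory per run.
lbk_latest_manual_log() {
    ls -t "$1"/*/CIS-LBK_manual.log 2>/dev/null | head -n 1
}
```

Run lbk_archive_safe on the downloaded archive before the sudo tar step, and lbk_script_mode_ok on the kit script after the chmod step.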


Troubleshooting Steps

When the script finishes, it prints summary information. Please review that information, especially the following sections:

  • Please review the logs

  • Totals

  • Summary

If there are services or changes that you need to make to the remediated system, please refer to the Benchmark that corresponds to the Build Kit being used. Benchmark .PDF and .Doc files are available on CIS WorkBench.

Note

For Linux/Unix Build Kit execution failures with the following error message, please refer to this Support article: Certain Linux Build Kits fail to execute with error "nix_fed_ensure_iptables-services_not_installed.sh"


Copyright © 2022

Center for Internet Security®