Product Name
CIS Build Kit
Product Version
Linux-based versions
Date
Problem
I have added recommendations to the exclusions.txt
file that comes with a Linux-based CIS Build Kits, but the recommendations are still being applied.
Solution
The exclusions_list.txt
file is only intended to be used as a checklist to keep track of what recommendations are being applied outside of the script. To exclude the recommendations you have to comment out or remove those recommendations from the Build Kit shell script file that ends in .sh
.
In the UBUNTU2004_LBK.sh
script file that is seen below, recommendation 1.1.1.1 is still commented out (i.e., the #
remains in front of each line of the recommendation), but recommendation 1.1.1.2 is not commented out (i.e., no #
symbol in front of each line of the recommendation); therefore, when the Build Kit shell script (UBUNTU2004_LBK.sh
) is run, 1.1.1.1 will be excluded and 1.1.1.2 will be applied.
Please see the section titled “Where should I start” in the following CIS Build Kit FAQ page for more information: https://www.cisecurity.org/cis-securesuite/cis-securesuite-build-kit-content/build-kits-faq. In addition, please be sure to read the READ_ME.txt
file that comes with each Build Kit.
Please be sure to read the READ_ME.txt
file for information on how to apply the recommendations. The READ_ME.txt
is not included in all Linux CIS Build Kit bundles; however, it can be downloaded separately in CIS WorkBench.
Add Comment