AWS Inspector Reports on CIS Hardened Image®

Problem

Background

An Amazon Inspector assessment can run a host assessment for:

• Common vulnerabilities and exposures

• Center for Internet Security (CIS) Benchmarks

• Security best practices for Amazon Inspector

Example

An AWS Inspector assessment is run against a CIS Ubuntu Linux 18.04 LTS Benchmark - Level 1 instance. The AWS Inspector report shows there are 48 High, 1 Medium and 7 Informational Severity Issues detected.

Please see the chart below for an explanation of those AWS Inspector findings;

To further investigate and reconcile those findings you will need to carefully look at the following;

1. Each CIS Hardened Image has a CIS-CAT Pro Assessor report on the Pass / Fail state of the hardened image according to the specific Benchmark recommendations. That report is in HTML format and is located at /home/CIS_Hardening_Reports/

2. Each CIS Hardened Image has a exceptions listing for any CIS Benchmark recommendations that have not been applied and a rationale for that exception. That report is in text format and is located at /home/CIS_Hardening_Reports/

3. CIS Benchmarks can be applied at different profiles (levels) Every CIS Hardened Image specifically states the Benchmark and Profile Level. The HTML report noted in item 1 above will only report on the Profile applied. In this KB example this is Profile 1. To see the full benchmark with all profile levels please join CIS Workbench and you can download a PDF format for the Benchmark in question.

4. CVE vulnerabilities are addressed by the operating system vendor. Please see the related content KB which has information on how CIS addresses CVE vulnerabilities in our hardened image build process.

Related Content

Copyright © 2024 Center for Internet Security® Privacy Policy