Requirements

• As a Secure Suite member you can download CIS Build Kits from CIS Workbench

• Please ensure that the Build Kit is fully validated in your testing environment before running it on a production system.

Implementation Steps

1. Download the Build Kit from CIS WorkBench to a desired directory which has the necessary permissions to execute sudo commands

2. Decompress and extract the Build Kit archive
   sudo tar xvfz /home/support/cis-lbk_ubuntu2004_bmv1.0.0.tar.gz

3. Make the installation shell script executable
   sudo chmod 500 /home/support/CIS-LBK/UBUNTU2004_LBK/UBUNTU2004_LBK.sh

4. Execute the script as root
/home/support/CIS-LBK/UBUNTU2004_LBK/UBUNTU2004_LBK.sh

5. When prompted select the appropriate CIS Benchmark Profile

6. Depending on the packages installed on your Unix/Linux system you may be prompted for additional options, select the appropriate field(s) for your environment

7. Linux Build Kits have environment specific settings that cannot be scripted. Ensure that you check the CIS-LBK_manual.log file and complete those manual configurations.

   1. Once the Linux/Unix Build Kit is applied/ run it creates the manual Recommendation list in the CIS-LBK_manual.log file under /logs/[date]/

8. If necessary in your unique environment, you may need to exclude specific recommendations from being applied

9. A final reboot is generally required for some of the settings to be implemented

10. Test the system’s functionality before applying the Level 2 hardening

11. Test the system before moving the system to a Production environment

Troubleshooting Steps

You will see at the end of the script there is some summary information. Please check that information especially the sections;

• Please review the logs

• Totals

• Summary

If there are services or changes that you need to make to the remediated system please refer to the Benchmark which corresponds with the Build Kit being used. Benchmark .PDF and .Docs are available on CIS WorkBench.