Skip to content

ansible-lockdown/RHEL8-CIS-Audit

Repository files navigation

RHEL/CentOS 8 Goss config

Overview

based on CIS 2.0.0

Ability to audit a system using a lightweight binary to check the current state.

This is:

  • very small 11MB
  • lightweight
  • self contained

It works using a set of configuration files and directories to audit STIG of RHEL/CentOS 7 servers. These files/directories correlate to the STIG Level and STIG_ID

Tested on

  • RHEL8
  • CentOS8
  • Rocky8
  • Alma-Linux 8

Requirements

You must have goss available to your host you would like to test.

You must have sudo/root access to the system as some commands require privilege information.

Assuming you have already clone this repository you can run goss from where you wish.

Please refer to the audit documentation for usage.

This also works alongside the Ansible Lockdown RHEL8-CIS role

Which will:

  • install
  • audit
  • remediate
  • audit

Join us

On our Discord Server to ask questions, discuss features, or just chat with other Ansible-Lockdown users

Set of configuration files and directories to run the first stages of CIS of RHEL 8 servers

This is configured in a directory structure level.

Goss is run based on the goss.yml file in the top level directory. This specifies the configuration.

further information