@@ -1,6 +1,6 @@
|
||||
# CIS-Inspired Debian and Ubuntu Hardening
|
||||
# Debian And Ubuntu Baseline Hardening Role
|
||||
|
||||
This role applies a small, practical set of CIS-inspired operational hardening controls for Debian and Ubuntu servers. It is intentionally readable, conservative, and suitable as a baseline for production environments that still need local review.
|
||||
This role applies a small, practical set of selected baseline operational hardening controls for Debian and Ubuntu servers. It is intentionally readable, conservative, and suitable as a baseline for managed environments that still need local review.
|
||||
|
||||
## Supported OS
|
||||
|
||||
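Review bot: The rewritten intro sentence says "selected baseline operational hardening controls" but no longer says what the controls were selected from, so a reader cannot tell which reference the role tracks. Either name the source of the selection in this sentence or point to a list of the implemented controls. Two style points in the same hunk: the new heading capitalises "And", where the old heading used a lowercase "and", and the new sentence now uses "baseline" twice ("selected baseline ... controls" and "suitable as a baseline").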
@@ -11,7 +11,7 @@ Unsupported distributions and versions fail during precheck before hardening tas
|
||||
|
||||
## Implemented Areas
|
||||
|
||||
- SSH daemon hardening with a validated drop-in configuration
|
||||
- SSH daemon hardening through a managed drop-in and final `sshd -t` validation
|
||||
- Legacy network package removal
|
||||
- Optional installation and enablement of `auditd`, `chrony`, `rsyslog`, and `sudo`
|
||||
- Kernel network sysctl hardening
|
||||
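Review bot: The new SSH bullet promises a "final `sshd -t` validation" but does not say what the role does when that check fails, which is the part an operator needs to know before running it against a remote host. State whether the managed drop-in is removed or left in place on failure, and whether the daemon is reloaded only after the check passes. Also note that `sshd -t` only checks that the configuration is valid; since sshd uses the first value it obtains for each keyword, a setting in the main file or an earlier drop-in can still take precedence, so consider documenting a check of the effective values with `sshd -T`.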
@@ -31,7 +31,7 @@ The defaults are intended to be operationally safe:
|
||||
- Services are enabled only when the matching feature is enabled and the service exists.
|
||||
- Existing logging configuration is not replaced.
|
||||
|
||||
This role does not implement the full CIS benchmark and is not a CIS certification implementation.
|
||||
This role does not implement the full CIS benchmark and is not a compliance certification implementation.
|
||||
|
||||
## Usage
|
||||
|
||||
|
||||
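Review bot: The replacement disclaimer still names "the full CIS benchmark" while the title and intro elsewhere in this commit drop "CIS-inspired", so after this change the README mentions CIS only in a negation and never states how the role relates to it. Either keep one plain sentence on that relationship or drop the benchmark name here as well. "Compliance certification implementation" is also vague; wording along the lines of "does not by itself demonstrate compliance with any benchmark or framework" would be clearer about what the role does not provide.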