I have been trying to find a debian11 that is CIS benchmarked without much success. Anybody know if there is one, or only up to debian 10?
-or-
do you know where i can have a debian 11 image that is CIS vetted that does not come from CIS itself (I just checked there we will find only debian10).
thank you,
./antonio/.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
CIS debian 11 benchmarked
-
- Posts: 429
- Joined: 2007-12-14 23:16
- Has thanked: 12 times
- Been thanked: 13 times
Re: CIS debian 11 benchmarked
"CIS vetted" - what does that mean?
antiX with runit - lean and mean.
https://antixlinux.com
https://antixlinux.com
- Hallvor
- Global Moderator
- Posts: 2042
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 149 times
- Been thanked: 212 times
Re: CIS debian 11 benchmarked
I think he means this: https://www.cisecurity.org/cis-benchmarks/
OP: Perhaps install Debian 10 if it's so important. It has LTS support for another two years.
OP: Perhaps install Debian 10 if it's so important. It has LTS support for another two years.
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 68 times
Re: CIS debian 11 benchmarked
CIS == Comodo Internet Security? - it's a a bad idea - don't trust them.antoniotuninprado wrote: ↑2022-06-29 18:19 I have been trying to find a debian11 that is CIS benchmarked without much success.
Just use an official ISO images from Debian website - and check the image signature if You're paranoid. When You instal the OS it's possible to also check the individual files using f.e. the debsums program.
Anyway, this topic looks like an advertisement of CIS services, which are useless for Linux users and IMO this topic should be locked.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
The_full_story and Nothing_have_changed
-
- Posts: 3
- Joined: 2022-06-29 18:15
Re: CIS debian 11 benchmarked
replying to you all here:
vetted is a validation based on the benchmarks of the image that is posted for example into gcp or aws. At least this is what both (cloud and cis) claims;
nope, i am NOT advertising for cis services in any shape or form.
on using an official ISO is fine, but it comes with many security features not enabled. For example, grub is not protected on reboots, lots of kernel modules are can altered, etc.
unfortunately i had to go one-by-one of the 190 items of the benchmark.
anyway, thank you all for responding and if i find anything that might answer my question i will post here.
./a/.
vetted is a validation based on the benchmarks of the image that is posted for example into gcp or aws. At least this is what both (cloud and cis) claims;
nope, i am NOT advertising for cis services in any shape or form.
on using an official ISO is fine, but it comes with many security features not enabled. For example, grub is not protected on reboots, lots of kernel modules are can altered, etc.
unfortunately i had to go one-by-one of the 190 items of the benchmark.
anyway, thank you all for responding and if i find anything that might answer my question i will post here.
./a/.
- sunrat
- Administrator
- Posts: 6479
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 118 times
- Been thanked: 474 times
Re: CIS debian 11 benchmarked
You still haven't clarified what you mean by "CIS vetted". This is a user forum so most of us are only peripherally familiar with enterprise topics.antoniotuninprado wrote: ↑2022-06-29 22:39anyway, thank you all for responding and if i find anything that might answer my question i will post here.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
-
- Posts: 3
- Joined: 2022-06-29 18:15
Re: CIS debian 11 benchmarked
hi,
one more clarification:
by "CIS vetted" = a CIS benchmarked OS.
CIS does issue a list of approx 190 benchmark fixes. Because these benchmarks are mostly based on on-premise environment, a cloud benchmark image is downloadable into public clouds. I am working on gcp, so, if you go into cis and select gcp, you are able to download a benchmarked image that is designed for google-gcp.
Unfortunately, I am not able to ssh into any of these images, I have tried debian, redhat, centos, etc.
benchmarks comes in three types: level1, level2, and stig whcih provides different levels of hardening for the OS.
Google support cannot help much, because even if comes from marketplace (gcp), it is a 3rd party product.
The only way i can connect to any image is, if i make a connection via serial port - console; however, i have no idea on the root password.
hope this helps you to help me...
thank you all for your time
./antonio/.
one more clarification:
by "CIS vetted" = a CIS benchmarked OS.
CIS does issue a list of approx 190 benchmark fixes. Because these benchmarks are mostly based on on-premise environment, a cloud benchmark image is downloadable into public clouds. I am working on gcp, so, if you go into cis and select gcp, you are able to download a benchmarked image that is designed for google-gcp.
Unfortunately, I am not able to ssh into any of these images, I have tried debian, redhat, centos, etc.
benchmarks comes in three types: level1, level2, and stig whcih provides different levels of hardening for the OS.
Google support cannot help much, because even if comes from marketplace (gcp), it is a 3rd party product.
The only way i can connect to any image is, if i make a connection via serial port - console; however, i have no idea on the root password.
hope this helps you to help me...
thank you all for your time
./antonio/.
-
- Global Moderator
- Posts: 2684
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 196 times