Hardening Overview

Hardening Standard

CIS Benchmark

• Free pdf guide available for OS (Windows, Mac OS, Linux), Server Software, Mobile Devices, Cloud Providers, Network Devices and much more
• Available to paid-for membership: Scripts, assessment tools available
• Center for Internet Security (CIS): https://www.cisecurity.org/cis-benchmarks/


System Accessment Tools
(for Configuration and Vulnerabilities)

Security Content Automation Protocol (SCAP)
National Institute of Standards and Technology (U.S.)
SCAP is a standard from NIST
NIST produces many standards
SCAP is a standard or protocol that allows for the creation of human and machine readable security documents that can be used with automated tools to help both audit and harden the system
OpenScap is an implementation of SCAP
OpenScap is a collection of tools, security policies (baselines and recommendations how it believes system should be secured


# Install SCAP Workbench
sudo apt install scap-workbench
sudo apt install libopenscap8

# Install SCAP Security Guide
# Available on Debian 10 and newer
sudo apt install ssg-base ssg-debderived ssg-debian ssg-nondebian ssg-applications
# alternatively, you can import custom ones in XCCDF format

SCAP workbench can import SCAP security guide or standards in XCCDF format. It will then scan the system and determine if the system is passed or failed against the imported standards


Audit Tools