Please enable JavaScript.
Coggle requires JavaScript to display documents.
🛡️ 18 CIS Benchmark Linux Baseline Image - Enterprise Security Hardening …
🛡️ 18 CIS Benchmark Linux Baseline Image - Enterprise Security Hardening
1️⃣ Introduction: CIS Benchmark Linux Baseline Image
CIS
Full Form: Center for Internet Security
What it is:
Non-profit cybersecurity organization
Creates security configuration standards
Provides benchmarks for operating systems, cloud, applications
Why CIS Exists
Organizations need a secure baseline
Reduces security misconfiguration
Helps compliance:
PCI-DSS
ISO 27001
NIST Cybersecurity Framework
SOC 2
Benchmark
Meaning:
A documented security standard
Contains:
Security rules
Configuration requirements
Verification commands
Remediation steps
Linux Baseline Image
Full Meaning:
A pre-hardened Linux operating system template
Used For:
Virtual machines
Cloud servers
Kubernetes nodes
Docker hosts
Enterprise production servers
2️⃣ CIS Level Understanding
Level 1 Controls
Basic security hardening
Low operational impact
Recommended for most servers
Example:
Disable unused services
Secure passwords
Enable logging
Level 2 Controls
Advanced security
Higher restriction
May impact business operations
Example:
Kernel hardening
Strict permissions
Advanced auditing
3️⃣ CIS Linux Secure Operating System Baseline
Operating System Hardening
Remove unnecessary software
Commands:
rpm -qa
Lists installed Red Hat packages
dpkg -l
Lists Debian/Ubuntu packages
Remove unwanted packages
Red Hat:
dnf remove package_name
Ubuntu:
apt remove package_name
4️⃣ File System Security
Linux File System
Root Directory /
Configuration /etc
Logs /var/log
Temporary Files /tmp
Application Data /var
User Home /home
Important CIS Directories
/etc/passwd
Stores user account information
Does NOT store passwords
Permissions:
644
/etc/shadow
Stores encrypted password hashes
Root only access
Permissions:
000 or 600
Commands:
ls -l /etc/shadow
Check permissions
chmod 600 /etc/shadow
Secure shadow file
5️⃣ User Authentication Security
Password Policy
PAM
Full Form:
Pluggable Authentication Modules
Purpose:
Controls Linux authentication
PAM Files:
/etc/pam.d/
Authentication configuration
Password Aging
/etc/login.defs
Password expiration settings
Command:
chage -l username
Shows password aging information
6️⃣ Sudo Security
sudo
Full Form:
Super User Do
Allows controlled privilege escalation
sudo configuration
/etc/sudoers
/etc/sudoers.d/
Enterprise custom rules
visudo
Safe sudo editor
Checks syntax before saving
Example:
bilal ALL=(root) /usr/bin/systemctl
User:
bilal
Host:
ALL servers
Run as:
root
Command:
systemctl only
7️⃣ Linux Kernel Security
Kernel
Core of Linux operating system
Controls:
Memory
CPU
Hardware
Networking
sysctl
Kernel parameter management
Configuration:
/etc/sysctl.conf
Example:
Disable IP forwarding
net.ipv4.ip_forward=0
8️⃣ Logging and Monitoring
systemd journal
journalctl
Reads system logs
Log Location:
/var/log/messages
/var/log/secure
/var/log/auth.log
Enterprise Tools:
SIEM
Security Information and Event Management
Examples:
Elastic Security
Splunk
Microsoft Sentinel
9️⃣ Docker CIS Security
Docker
Container platform
Runs isolated applications
Important Docker Paths
/var/lib/docker
Docker data directory
Contains:
Images
Containers
Volumes
/etc/docker/daemon.json
Docker daemon configuration
/run/docker.sock
Docker API socket
Provides Docker control
Security risk if exposed
Commands:
docker ps
Show running containers
docker images
Show images
docker info
Docker configuration details
🔟 Docker Security Hardening
Disable insecure Docker socket access
Run containers as non-root
Enable logging
Use trusted images
Scan images:
trivy image nginx
1️⃣1️⃣ CIS Verification Tools
CIS-CAT
CIS Configuration Assessment Tool
Scans system compliance
Lynis
Linux security auditing tool
Command:
lynis audit system
1️⃣2️⃣ Enterprise Production Scenario
New Linux Server Deployment
Step 1:
Install RHEL/Ubuntu
Step 2:
Apply CIS baseline
Step 3:
Configure SSH
Configure Firewall
Enable SELinux
Configure Audit
Configure Monitoring
Step 4:
Scan compliance
Step 5:
Deploy application
1️⃣3️⃣ Interview Questions
What is CIS Benchmark?
Security configuration standard
Why harden Linux?
Reduce attack surface
Difference between Level 1 and Level 2?
Why protect docker.sock?
What is /var/lib/docker?
How do you check Linux compliance?
How do you troubleshoot CIS failures?