General Information

Security lockdown scripts based off of the CIS (Center for Internet Security) Benchmark guides.

Official Site: http://benchmarks.cisecurity.org

Checklist

• Distro(s): Enterprise Linux 6/7

Place all scripts in the same directory.

• security-lockdown.sh ⇒ This is the main script. Execute this one; it will determine what child script to run based on OS and provide log files.
• worker_security-lockdown_el6.sh ⇒ Script that gets executed if running CentOS/Oracle 6
• worker_security-lockdown_el7.sh ⇒ Script that gets executed if running CentOS/Oracle 7

It works best if this directory is NFS shared, in which case you can simply mount the share and run the main script.

Example: Scripts placed in /data/scripts on a NFS server called “myadminserver.local” and execute from the client system:

mount -t nfs myadminserver.local:/data /mnt
/mnt/scripts/security-lockdown.sh

• The versions that are kept updated are here: https://gitlab.com/whowe/deploy/tree/master/cis-security-lockdown

• security-lockdown_20151221.tar.gz
  • README
  • security-lockdown.sh
  • worker_security-lockdown_el6.sh
  • worker_security-lockdown_el7.sh