CIS-Harden your Ubuntu in Google Cloud
Hugo Huang
on 9 November 2021
Tags: CIS , Google Cloud , In-place upgrade , Security Hardening , Ubuntu Pro
This article was last updated 2 year s ago.
CIS Benchmarks are best practices for the secure configuration of a target system. The Center for Internet Security, Inc. (CIS®) is the authority backing CIS Benchmarks. Ubuntu Pro is entitled to be CIS compliant and packaged with CIS toolings from Canonical.
Let’s SSH into your Ubuntu Pro virtual machine. If you haven’t yet upgrade your Ubuntu LTS to Ubuntu Pro, please follow this tutorial. In less than One Minute, you will be able to get your Ubuntu Pro machine without losing any of your mission critical workloads. Once you SSH into your Ubuntu Pro, input:
| ua status |
You will see:
| SERVICE | ENTITLED | STATUS | DESCRIPTION |
|---|---|---|---|
| cis | yes | disabled | Center for Internet Security Audit Tools |
| […] |
Let’s enable CIS for this VM:
| sudo ua enable cis |
You will see:
| One moment, checking your subscription first Updating package lists Installing CIS Audit packages CIS Audit enabled Visit https://security-certs.docs.ubuntu.com/en/cis to learn how to use CIS |
If you check the status:
| ua status |
You will see:
| SERVICE | ENTITLED | STATUS | DESCRIPTION |
|---|---|---|---|
| cis | yes | enabled | Center for Internet Security Audit Tools |
| […] |
With tooling packages installed, let’s harden your Ubuntu 16.04 Pro system with CIS Level 1 Server profile:
| sudo /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonic al_Ubuntu_16.04_CIS_v1.1.0-harden.sh lvl1_server |
In less than 3 minutes, your Ubuntu Pro will go through the whole process of hardening and you will get a CIS level-1 compliant environment with no more manual configuration. Let’s audit the system:
| sudo cis-audit level1_server |
The output should be similar to:
| Title Ensure mounting of cramfs filesystems is disabled Rule xccdf_com.ubuntu.xenial.cis_rule_CIS-1.1.1.1 Result pass […] CIS audit scan completed. The scan results are available in /usr/share/ubuntu-scap-security-guides/cis-16.04-report.html report. |
The HTML report as shown above will also present your CIS score. For comprehensive CIS hardening instructions, you can check Ubuntu CIS Compliance documentation.
Ubuntu cloud
Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.
Newsletter signup
Related posts
Ubuntu Pro 24.04 LTS Lands on Google Cloud: Power Up Your Cloud Experience
Exciting news for cloud enthusiasts and developers! Ubuntu Pro 24.04 LTS (Noble Numbat) is now available on Google Cloud, bringing a robust and secure...
How Ubuntu Pro + Support keeps your Ubuntu 20.04 LTS secure and stable
Running Ubuntu 20.04 LTS with ESM keeps your systems up to date with essential security patches. But when something breaks or a complex issue arises, Ubuntu...
How can you personalize your Ubuntu Pro subscription?
Ubuntu Pro is Canonical’s subscription for open source software security, support and compliance. Users of Ubuntu Pro benefit from Expanded Security...