based on CIS 1.0.1
Ability to audit a system using a lightweight binary to check the current state.
This is:
- very small 11MB
- lightweight
- self contained
It works using a set of configuration files and directories to audit STIG of Debian 12.
Tested on
- Debian 12
You must have goss available to your host you would like to test.
You must have sudo/root access to the system as some commands require privilege information.
Assuming you have already clone this repository you can run goss from where you wish.
Please refer to the audit documentation for usage.
This also works alongside the Ansible Lockdown DEBIAN12-CIS role
Which will:
- install
- audit
- remediate
- audit
On our Discord Server to ask questions, discuss features, or just chat with other Ansible-Lockdown users
Set of configuration files and directories to run the first stages of CIS of DEBIAN 12 servers
This is configured in a directory structure level.
Goss is run based on the goss.yml file in the top level directory. This specifies the configuration.