Hardening Script for Ubuntu Linux Host Servers

Note that the hardening results are against version 4.29.0 of the CIS-CAT Assessor.

In addition to the /opt/security/extr-granite.py script for TPVM deployments, a security hardening script for Ubuntu Linux 20.04 LTS host servers is available at /opt/efa/security/extr-granite-server.py. The script depends on three packages: auditd, audispd-plugins, and iptables-persistent. These packages are not shipped with XCO; they and their dependencies must be installed on the XCO server before you run the security script.
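
A pre-flight check for the three prerequisite packages, as an added example that is not part of XCO or of the original page. It assumes a dpkg-based host and the Ubuntu package name iptables-persistent; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm the hardening script's prerequisites are fully
# installed before running /opt/efa/security/extr-granite-server.py.

REQUIRED_PKGS="auditd audispd-plugins iptables-persistent"

# Reads "<package> <dpkg status>" lines on stdin and prints each required
# package that is not reported as "install ok installed". A package that was
# removed but left its config files behind ("deinstall ok config-files")
# still appears in the dpkg database, so the full status string is matched.
missing_packages() {
    status_lines=$(cat)
    for pkg in $REQUIRED_PKGS; do
        if ! printf '%s\n' "$status_lines" |
            grep -qxF -- "$pkg install ok installed"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Queries the local dpkg database. Packages dpkg has never seen produce no
# output line (only an error on stderr, discarded here).
query_dpkg() {
    dpkg-query -W -f='${Package} ${Status}\n' $REQUIRED_PKGS 2>/dev/null || true
}

# Returns 0 when every prerequisite is installed, 1 otherwise.
preflight() {
    missing=$(query_dpkg | missing_packages)
    if [ -n "$missing" ]; then
        echo "Install before running extr-granite-server.py:" $missing >&2
        return 1
    fi
    echo "All prerequisite packages are installed."
}

# Run the check only when invoked as: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```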

To run this procedure, complete the following:

(efa:user)user@server2:~/efa33$ cd /opt/efa/security/
(efa:user)user@server2:/opt/efa/security$ ls
extr-granite-server.py
(efa:user)user@server2:/opt/efa/security$ sudo su
root@server2:/opt/efa/security# ls
extr-granite-server.py
root@server2:/opt/efa/security# ./extr-granite-server.py
Initialized empty Git repository in /opt/extr-granite-server-hardening/OS-files-git/.git/
[master (root-commit) 136e544] initial import
1 file changed, 1 insertion(+)
create mode 100644 README
[+] ./extr-granite-server.py version: 0.01 - Initialized
sent 433 bytes  received 36 bytes  938.00 bytes/sec
total size is 619  speedup is 1.32
[master f09c26c] file: /etc/profile, CIS-CAT test: 5.5.5 Ensure default user shell timeout is 900 seconds or less
1 file changed, 3 insertions(+)
            
[+] Total checks run: 71

root@server2:/opt/efa/security# exit
exit
(efa:user)user@server2:/opt/efa/security$

The following results were achieved against XCO Version 3.6.0 Build 15 on Ubuntu Version 20.04 LTS.

Active Node
-----------------------------------------------------------------------------
***** Assessment Results Summary *****
-----------------------------------------------------------------------------
   Total # of Results: 243
 Total Scored Results: 219
           Total Pass: 181
           Total Fail: 38
          Total Error: 0
        Total Unknown: 0
 Total Not Applicable: 0
    Total Not Checked: 19
   Total Not Selected: 0
  Total Informational: 5
-----------------------------------------------------------------------------
***** Assessment Scoring *****
-----------------------------------------------------------------------------
         Score Earned: 181.0
    Maximum Available: 219.0
                Total: 82.65%
-----------------------------------------------------------------------------

Standby Node
-----------------------------------------------------------------------------
***** Assessment Results Summary *****
-----------------------------------------------------------------------------
   Total # of Results: 243
 Total Scored Results: 219
           Total Pass: 180
           Total Fail: 39
          Total Error: 0
        Total Unknown: 0
 Total Not Applicable: 0
    Total Not Checked: 19
   Total Not Selected: 0
  Total Informational: 5
-----------------------------------------------------------------------------
***** Assessment Scoring *****
-----------------------------------------------------------------------------
         Score Earned: 180.0
    Maximum Available: 219.0
                Total: 82.19%
-----------------------------------------------------------------------------