Your submission was sent successfully! Close

CIS-Harden your Ubuntu in Google Cloud

Hugo Huang

on 9 November 2021

CIS Benchmarks are best practices for the secure configuration of a target system. The Center for Internet Security, Inc. (CIS®) is the authority backing CIS Benchmarks. Ubuntu Pro is entitled to be CIS compliant and packaged with CIS toolings from Canonical.

Let’s SSH into your Ubuntu Pro virtual machine. If you haven’t yet upgrade your Ubuntu LTS to Ubuntu Pro, please follow this tutorial. In less than One Minute, you will be able to get your Ubuntu Pro machine without losing any of your mission critical workloads. Once you SSH into your Ubuntu Pro, input:

ua status

You will see:

SERVICE ENTITLEDSTATUSDESCRIPTION
cisyesdisabledCenter for Internet Security Audit Tools
[…]

Let’s enable CIS for this VM:

sudo ua enable cis

You will see:

One moment, checking your subscription first
Updating package lists
Installing CIS Audit packages
CIS Audit enabled
Visit https://security-certs.docs.ubuntu.com/en/cis to learn how to use CIS

If you check the status:

ua status

You will see:

SERVICEENTITLEDSTATUSDESCRIPTION
cisyesenabledCenter for Internet Security Audit Tools
[…]

With tooling packages installed, let’s harden your Ubuntu 16.04 Pro system with CIS Level 1 Server profile:

sudo /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonic
al_Ubuntu_16.04_CIS_v1.1.0-harden.sh lvl1_server

In less than 3 minutes, your Ubuntu Pro will go through the whole process of hardening and you will get a CIS level-1 compliant environment with no more manual configuration. Let’s audit the system:

sudo cis-audit level1_server

The output should be similar to:

Title   Ensure mounting of cramfs filesystems is disabled
Rule    xccdf_com.ubuntu.xenial.cis_rule_CIS-1.1.1.1
Result  pass
[…]
CIS audit scan completed. The scan results are available in /usr/share/ubuntu-scap-security-guides/cis-16.04-report.html report.

The HTML report as shown above will also present your CIS score. For comprehensive CIS hardening instructions, you can check Ubuntu CIS Compliance documentation.

Ubuntu cloud

Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.

Newsletter signup

Select topics you're
interested in

In submitting this form, I confirm that I have read and agree to Canonical's Privacy Notice and Privacy Policy.

Related posts

Securing the Open-Source supply chain with Ubuntu Pro on Google Cloud

It’s official: since the outbreak of the COVID-19 pandemic, cybercrime has increased by 600%. Among these, ransomware attacks are estimated to cost $6...

Deploy Container on Ubuntu Pro on Google Cloud

Since I wrote Launch Ubuntu Desktop on Google Cloud last week, I kept thinking about putting Ubuntu Desktop into containers. A container is an independent...

Launch Ubuntu Desktop on Google Cloud

This tutorial shows you how to set up a Ubuntu Desktop on Google Cloud. If you need a graphic interface to your virtual desktop on the cloud, this tutorial...