What is the CIS benchmarking tool?
The Center for Internet Security (CIS) has published hardening benchmarks for all Ubuntu LTS versions since Ubuntu 12.04 LTS. These hardening benchmarks are meant to be best-practice security configurations. Canonical has developed a tool that automates the process of hardening and auditing Ubuntu LTS images based on the published CIS benchmarks, enabling you to harden an image within minutes.
In this tutorial, we will learn how Ubuntu Advantage for Infrastructure and Ubuntu Pro customers, as well as personal users taking advantage of their free access to Ubuntu Advantage for Infrastructure, can use the Ubuntu Advantage client (UA client) to enable the CIS benchmarking tool on Ubuntu 16.04 ESM, 18.04 LTS machines.
NOTE: On Ubuntu 20.04 LTS we recommend using the Ubuntu Security Guide to comply with CIS.
Understanding the UA client
The Ubuntu Advantage (UA) client is a tool designed to automate access to UA services like Extended Security Maintenance (ESM), CIS, FIPS, and more. The client is available for all Ubuntu LTS releases, however some services, such as the CIS benchmarking tool, are in beta or are not available for all Ubuntu LTS or ESM releases.
What you’ll learn:
- How to check which version of the UA client is installed on your machine and how to update it if necessary
- How to attach the UA client to your Ubuntu Advantage account using your UA token
- How to enable the CIS benchmarking tool on your Ubuntu machine
What you’ll need:
An Ubuntu machine running a fresh install* of Ubuntu server or desktop 16.04, 18.04 or 20.04 LTS
Please note that if you use the tool to harden an existing Ubuntu image, the hardening process may take longer than estimated.