by vezzy-fnord 4038 days ago
Certainly good work automating a category of base tests like this, though I notice some odd assumptions being made, like having more than 5 ports open at all being an inherent warning, tests that assume the presence of systemd and auditd (the audit trail can be useful, though from what I know many distros configure it poorly out of the box, if at all), aufs being marked as a warning (over what - Device-mapper? UnionFS? How is it a security consideration?), and the LXC execution driver being a warning.

EDIT: Apparently the CIS paper justifies marking aufs due to its age and the gradual dropping of mainstream support. >5 ports isn't rationalized. The LXC driver is again flagged for legacy reasons in favor of libcontainer (though why do I seem to recall libcontainer had pluggable backends, LXC included... hm...)


AUFS can create shared locks between systems which use it. For example, spinning up multiple instances of the same Docker container on AUFS can create a global (to those containers) mutex which serializes process flow.
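The three host checks the thread argues about (storage driver aufs, the LXC execution driver, and "more than 5 published ports") are easy to reproduce and tune locally. The script below is an added illustration written for this page, not the benchmark tool's own code or anything the CIS paper publishes. It assumes the 2014-era `docker info` layout with top-level `Storage Driver:` and `Execution Driver:` lines, and the `host_ip:host_port->container_port/proto` form of the PORTS column from `docker ps`; both samples are constructed inline so it runs offline. It goes slightly beyond the thread by also listing ports bound on all interfaces, which is the part of the port count a defender actually cares about.

```python
"""Re-implementation of three Docker host checks discussed in the thread
(assumed formats; constructed sample input, see SAMPLE_* below)."""
import re
from typing import Dict, List, Tuple

# Threshold questioned in the thread; the CIS paper gives no rationale for it.
MAX_OPEN_PORTS = 5

# Constructed sample of `docker info` output (2014-era format, assumed).
SAMPLE_DOCKER_INFO = """\
Containers: 3
Images: 12
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Dirs: 18
Execution Driver: lxc-1.0.3
Kernel Version: 3.13.0-35-generic
"""

# Constructed sample PORTS column values from `docker ps`, one per container.
SAMPLE_PORTS = [
    "0.0.0.0:8080->80/tcp",
    "0.0.0.0:8443->443/tcp, 0.0.0.0:2222->22/tcp",
    "",  # container with no published ports
    "127.0.0.1:5432->5432/tcp, 0.0.0.0:6379->6379/tcp, 0.0.0.0:9200->9200/tcp",
]

PORT_RE = re.compile(r"([\d.]+):(\d+)->(\d+)/(tcp|udp)")
Finding = Tuple[str, str, str]  # (level, check id, message)


def parse_docker_info(text: str) -> Dict[str, str]:
    """Return top-level 'Key: value' pairs; indented sub-entries are skipped."""
    info: Dict[str, str] = {}
    for line in text.splitlines():
        if not line or line[0].isspace():
            continue
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info


def published_ports(ports_columns: List[str]) -> List[Tuple[str, int, str]]:
    """Flatten PORTS columns into (host_ip, host_port, proto) tuples."""
    found = []
    for column in ports_columns:
        for host_ip, host_port, _container_port, proto in PORT_RE.findall(column):
            found.append((host_ip, int(host_port), proto))
    return found


def run_checks(info: Dict[str, str], ports_columns: List[str]) -> List[Finding]:
    findings: List[Finding] = []

    # Check 1: storage driver. CIS flags aufs as legacy; the thread also notes
    # its cross-container lock behaviour.
    driver = info.get("Storage Driver", "")
    if driver == "aufs":
        findings.append(("WARN", "storage-driver", "storage driver is aufs"))
    else:
        findings.append(("PASS", "storage-driver", f"storage driver is {driver or 'unknown'}"))

    # Check 2: execution driver. LXC is flagged in favour of libcontainer.
    exec_driver = info.get("Execution Driver", "")
    if exec_driver.startswith("lxc"):
        findings.append(("WARN", "exec-driver", f"execution driver is {exec_driver}"))
    else:
        findings.append(("PASS", "exec-driver", f"execution driver is {exec_driver or 'unknown'}"))

    # Check 3: published port count, plus the more useful detail of which
    # ports are bound on all interfaces rather than loopback.
    ports = published_ports(ports_columns)
    if len(ports) > MAX_OPEN_PORTS:
        findings.append(("WARN", "open-ports", f"{len(ports)} published ports (> {MAX_OPEN_PORTS})"))
    else:
        findings.append(("PASS", "open-ports", f"{len(ports)} published ports"))
    wildcard = sorted(p for p in ports if p[0] == "0.0.0.0")
    if wildcard:
        listing = ", ".join(f"{port}/{proto}" for _, port, proto in wildcard)
        findings.append(("INFO", "wildcard-bind", f"bound on all interfaces: {listing}"))
    return findings


def audit(info_text: str = SAMPLE_DOCKER_INFO,
          ports_columns: List[str] = SAMPLE_PORTS) -> List[Finding]:
    return run_checks(parse_docker_info(info_text), ports_columns)


if __name__ == "__main__":
    for level, check, message in audit():
        print(f"[{level}] {check}: {message}")
```

On a live host the two samples would come from `docker info` and the PORTS column of `docker ps`; the threshold and the aufs rule are deliberately plain constants so a team can adjust them to its own policy instead of inheriting the benchmark's unexplained defaults.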