Support #311
Updated by Charles N about 1 month ago
## Hardening We need to harden the base system image. A combination of CIS benchmarks and STIG/SCAP compliance. ### CIS Benchmarks * Finish tweaking SSH/auditd etc config to pass CIS benchmark score for Debian 12 in Wazuh ### Compliance as code (STIG/SCAP) * https://github.com/ComplianceAsCode/content ## 2fa - Webmin - Cockpit - SSH ## LDAP Auth To Cloudron ## Auto patching * https://wiki.debian.org/UnattendedUpgrades ## Patch management/reporting ### WIndows WSUS ### Linux Spacewalk https://github.com/Katello https://theforeman.org/plugins/katello/ ## Audits Once we have done all of the hardening, we need to audit the system to show compliance. ### Lynis ### OpenVAS