Support #311
Updated by Charles N about 1 month ago
## Hardening
We need to harden the base system image. A combination of CIS benchmarks and STIG/SCAP compliance.
### CIS Benchmarks
* Finish tweaking SSH/auditd etc config to pass CIS benchmark score for Debian 12 in Wazuh
### Compliance as code (STIG/SCAP)
* https://github.com/ComplianceAsCode/content
## 2fa
- Webmin
- Cockpit
- SSH
## LDAP Auth To Cloudron
## Patch management
### WIndows
WSUS
### Linux
- https://wiki.debian.org/UnattendedUpgrades
- https://docs.theforeman.org/release/3.15/
- Spacewalk ?
- https://unix.stackexchange.com/questions/123598/registering-ubuntu-client-with-spacewalk
- https://www.reddit.com/r/sysadmin/comments/5umy1j/setting_up_ubuntu_channels_on_spacewalk/
- https://github.com/Katello
- https://theforeman.org/plugins/katello/
## Audits
Once we have done all of the hardening, we need to audit the system to show compliance.
### Lynis
### OpenVAS