Support #311
Updated by Charles N about 1 month ago
## Hardening We need to harden the base system image. A combination of CIS benchmarks and STIG/SCAP compliance. ### CIS Benchmarks * Finish tweaking SSH/auditd etc config to pass CIS benchmark score for Debian 12 in Wazuh ### Compliance as code (STIG/SCAP) * https://github.com/ComplianceAsCode/content ## 2fa - Webmin - Cockpit - SSH ## LDAP Auth To Cloudron ## Patch management ### Windows WIndows WSUS (exploring alternatives/self hosted) ### Linux This may be the one/done full enchilda: - https://www.uyuni-project.org/ Otherwise we may have to kit bash it together from pieces: - https://wiki.debian.org/UnattendedUpgrades - https://docs.theforeman.org/release/3.15/ - Spacewalk ? - https://unix.stackexchange.com/questions/123598/registering-ubuntu-client-with-spacewalk - https://www.reddit.com/r/sysadmin/comments/5umy1j/setting_up_ubuntu_channels_on_spacewalk/ - https://github.com/Katello - https://theforeman.org/plugins/katello/ ## Audits Once we have done all of the hardening, we need to audit the system to show compliance. ### Lynis ### OpenVAS