Support #311
Updated by Charles N about 1 month ago
## Hardening
We need to harden the base system image using a combination of CIS benchmarks and STIG/SCAP compliance.
### CIS Benchmarks
* Finish tweaking the SSH, auditd, etc. configuration to get a passing CIS benchmark score for Debian 12 in Wazuh
### Compliance as code (STIG/SCAP)
* https://github.com/ComplianceAsCode/content
## 2FA
- Webmin
- Cockpit
- SSH
## LDAP Auth To Cloudron
## Patch management
### Windows
WSUS (exploring alternatives/self-hosted)
### Linux
This may be the one-and-done full enchilada:
- https://www.uyuni-project.org/
Otherwise we may have to kitbash it together from pieces:
- https://wiki.debian.org/UnattendedUpgrades
- https://docs.theforeman.org/release/3.15/
- Spacewalk?
- https://unix.stackexchange.com/questions/123598/registering-ubuntu-client-with-spacewalk
- https://www.reddit.com/r/sysadmin/comments/5umy1j/setting_up_ubuntu_channels_on_spacewalk/
- https://github.com/Katello
- https://theforeman.org/plugins/katello/
- https://medium.com/@kylejones199108/ansible-patch-management-for-linux-systems-using-ansible-part-1-501df3748f84
## Audits
Once we have done all of the hardening, we need to audit the system to show compliance.
### Lynis
### OpenVAS