ββββββββββββββββββ ββββββ βββ ββββββββββ ββββββββββββ
ββββββββββββββββββββββββββββββ βββββββββββββββββββββββ
βββ ββββββββββββββββββββββ ββββββ ββββββ βββ
βββ ββββββββββββββββββββββ ββββββ ββββββ βββ
ββββββββββββββββββββββ βββββββββββββββββββββββ βββ
βββββββββββββββββββββ βββ βββββββ βββββββ βββ βββCIS Benchmark compliance auditor for Linux systems with scored reporting, baseline comparison, and remediation guidance.
This is a quick overview β security theory, architecture, and full walkthroughs are in the learn modules.
- Audit Linux systems against 104 CIS Benchmark controls (Debian/Ubuntu)
- Check filesystem hardening, services, network parameters, logging, SSH, and user accounts
- Generate scored compliance reports in terminal, JSON, or HTML format
- Compare results against a saved baseline to detect regressions and improvements
- Provide specific remediation commands for every failed control
- Support Level 1 and Level 2 benchmark profiles
- Run in test mode against mock fixtures without root access
./install.sh
sudo cisauditTip
This project uses just as a command runner. Type just to see all available commands.
Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
| Command | Description |
|---|---|
sudo cisaudit |
Run full audit with terminal output |
sudo cisaudit -l 1 |
Audit Level 1 controls only |
sudo cisaudit -f json -o report.json |
Generate JSON report |
sudo cisaudit -f html -o report.html |
Generate HTML report |
sudo cisaudit -c 5 |
Audit only Section 5 (Access/Auth) |
cisaudit --list-controls |
List all 104 registered controls |
sudo cisaudit -s baseline.json |
Save current results as baseline |
sudo cisaudit -b baseline.json |
Compare against a previous baseline |
cisaudit -t testdata/fixtures |
Run against test fixtures (no root needed) |
| Flag | Default | Description |
|---|---|---|
-l, --level |
all |
Benchmark level: 1, 2, or all |
-f, --format |
terminal |
Output format: terminal, json, html |
-o, --output |
stdout | Write report to file |
-c, --categories |
all |
Categories to audit: 1,2,3,4,5,6 |
-t, --test-root |
/ |
System root for testing |
--threshold |
0 |
Minimum pass % to exit 0 |
-q, --quiet |
off | Suppress progress output |
| # | Section | Controls |
|---|---|---|
| 1 | Initial Setup | 20 |
| 2 | Services | 18 |
| 3 | Network Configuration | 20 |
| 4 | Logging and Auditing | 18 |
| 5 | Access, Authentication and Authorization | 18 |
| 6 | System Maintenance | 10 |
| Total | 104 |
sudo cisaudit -l 1 -f json -o report.json
sudo cisaudit -c 3,5 -f terminal
sudo cisaudit -s baselines/march.json
sudo cisaudit -b baselines/march.json
cisaudit -t testdata/fixtures -f json | python3 -m json.toolThis project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | CIS benchmarks, real breaches, and compliance frameworks |
| 02 - Architecture | System design, module layout, and data flow |
| 03 - Implementation | Code walkthrough with file references |
| 04 - Challenges | Extension ideas and exercises |
AGPL 3.0