Achieving CIS Level 1 Hardening for Linux

This article explores the process of achieving CIS Level 1 hardening for SUSE Linux 15 and Oracle Linux 8, despite the absence of ready-made CIS-hardened images.
database managed services asm migration remote dba support database management
Written by Joel Gonsalves

Written by Joel Gonsalves

System Administrator at Blue Crystal Solutions


When securing Linux-based servers, adhering to industry standards is crucial for maintaining a robust and resilient infrastructure. The Centre for Internet Security (CIS) provides comprehensive benchmarks for hardening Linux systems, including CIS Level 1. However, in certain cases where servers have already been deployed, obtaining ready-made CIS-hardened images may not be feasible. In such scenarios, it becomes necessary to develop scripts for implementing the hardening manually. This article explores the journey of achieving CIS Level 1 hardening for SUSE Linux 15 and Oracle Linux 8, overcoming challenges and utilising tools such as OpenSCAP and Tenable to ensure compliance.

Understanding the Challenge:

The initial requirement was to harden Linux servers based on CIS Level 1 standards. However, CIS had yet to release specific scripts for implementing the hardening on SUSE Linux 15 and Oracle Linux 8. This posed a significant challenge, as the hardening process had to be developed from scratch.

Leveraging OpenSCAP:

After thorough research, the team identified OpenSCAP as a valuable resource for Linux hardening. Test servers were set up, and the OpenSCAP package was installed to access the available scripts for CIS hardening. While this provided a foundation, it was discovered that the provided scripts did not cover all items specified in the CIS standards.

Identifying Gaps and Customising Scripts:

To bridge the gaps in the hardening process, a careful review of the existing scripts was conducted. By comparing the CIS standards and using tools like Tenable, the team gained insights into the vulnerabilities and areas where the existing scripts fell short. The scripts were customised and refined based on these findings to cover the remaining CIS requirements.

Testing and Reporting:

Testing the effectiveness of the hardening measures is a crucial step in ensuring compliance. A reporting tool was unavailable for the servers associated with one client (Comviva). To address this, a prebuilt script was utilised, which generated a text-based report. This report provided insights into the gaps that needed to be addressed within the CIS script for Comviva’s servers.

Iterative Improvement:

Using the reports generated by Tenable for one client and the text-based report for Comviva, the team could identify specific areas where the scripts needed refinement. These findings were then used to update the scripts iteratively, ensuring that all necessary security measures were implemented to meet CIS Level 1 standards.

Achieving CIS Level 1 Standard:

Despite the challenges, the team successfully reached a point where the deployed servers for multiple clients met the stringent CIS Level 1 standards. By leveraging OpenSCAP, customised scripting, and iterative improvements based on testing and reporting, the Linux servers were hardened, providing enhanced security and compliance.


Implementing CIS Level 1 hardening for already deployed Linux servers requires meticulous planning and resourceful problem-solving. By leveraging tools like OpenSCAP and utilising reporting tools such as Tenable, even in the absence of a reporting tool, it is possible to identify and address the gaps in the hardening process. Through continuous refinement and customisation, the team achieved the desired level of security, providing clients with servers that meet the rigorous CIS Level 1 standards.

Learn More.

Efficient database management is not just about storing and retrieving information; it's a strategic asset that, when harnessed correctly, can propel an organisation towards sustainable growth.

For those of you in Adelaide who were unable to experience AWS re:Invent Event held in Las Vegas this year, we’re bringing the event to you in Adelaide as an offical sponsor.

In the evolving world of technology, organisations, from large businesses to national government bodies, seek partners that provide reliable and innovative solutions to enhance operational efficiency and productivity. A standout in this sphere, Blue Crystal Solutions, headquartered in Adelaide with offices in Melbourne, Brisbane, Sydney, and Perth, offers precisely such expertise. Here’s how they stand tall in cloud consulting and beyond.

Blue Crystal Solutions: your trusted & innovative IT partner.

Australian owned and operated since 2004, we provide information technology services locally, nationally and beyond.

We are a specialised supplier of Cloud, Application, Database & Infrastructure, Operating System Management, Modernisation and Transformation services. With security at the forefront of everything we do, all your services are fortified by our integrated outage protection  and monitoring tool, BlueDiamond

Scroll to Top