
[RFE] 2024 CIS Benchmarks and associated documentation for Stable and LTS releases #1362

Open
bignay2000 opened this issue Feb 14, 2024 · 0 comments
Labels
kind/feature A feature request

Comments

@bignay2000

bignay2000 commented Feb 14, 2024

Current situation

CIS folder in source code is over 2 years old https://github.com/flatcar/Flatcar/pull/682/files/9302533faf8f2f2e6ea9ea9e481302ed838a5c08 .
"CIS" search on Flatcar.org returns no results.
Unable to show server configuration is secure and configured to secure standards.

Impact

Unable to pass government audits. Flatcar is likely significantly more secure than other Linux distributions, however, still need CIS Benchmark reports to prove this to auditors.

Ideal future situation

https://www.cisecurity.org/cis-benchmarks should have a benchmark for Flatcar Linux.
Update https://github.com/flatcar/Flatcar/tree/main/CIS folder and publish the results with each Stable and LTS build.
Create a new page, https://www.flatcar.org/docs/latest/setup/security/CIS_Benchmarks - this page should have a high-level overview and then go into technical details of why an individual control is not applicable to the design of Flatcar. Goal should be to document the current results of the current Stable and LTS builds "as is" rather than coding fixes.

Implementation options

  1. Partner with CIS Security org to get an official benchmark for Flatcar Linux
  2. Alternatively work through the "Distribution Independent Linux" & "Docker" benchmarks guides

Additional information

There used to be a CIS webpage for Flatcar a few years back, but it appears to have disappeared. This webpage had some good highlights on why some of the CIS Benchmarks were not applicable to Flatcar due to its read-only and no-package-manager secure-by-design nature...

Currently working in Azure and Flatcar does not integrate with security.microsoft.com to show vulnerabilities and recommendations in Azure. Thus need a CIS report to show compliance.
