Security best practices tool for VMs including docker's host

December 28, 2017 | Maxime Thoonsen | 1 min read

TL;DR: try this security tool, it's awesome.

I was looking for best practices to secure Docker applications. One of those best practices is to make sure the host is secured and well configured. The main advice was to read the best practices from the Center for Internet Security. This organisation provides very actionable recommendations on how to secure your OS. It also produces a very nice tool (which requires Java) that you run on the server you want to check. This tool generates a detailed report describing all the security flaws and their fixes.

Testing the CIS tool on your Vagrant

You can quickly test it locally on your Vagrant by following these steps:

  1. Install Java on your Vagrant. If you use Ansible provisioning, you can use this role.
  2. After downloading the tool, extract the files and move them to your Vagrant.
  3. Enable SSH X11 forwarding for your Vagrant.
  4. SSH into your Vagrant and run the program. If your server is a Linux one, run `CIS-CAT.sh` with sudo rights.
  5. Select the "server 2" option to have a complete report.
     [Image: cis-cat-select-profil]
  6. Start the check of the OS. You should see something like this:
     [Image: cis-cat-result]
  7. You are done. To have an example of what you can get, see the report I got for my side project. Here is the scoring part of the report:
     [Image: CIS_score]
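
The prerequisites from steps 1 to 3 can be checked inside the box before launching the tool, since a missing Java runtime or an inactive X11 forward only shows up as a failed launch. The shell function below is an added example, not part of the original post or of the CIS tooling; the extraction directory passed as its argument is an assumption.

```shell
#!/bin/sh
# Added example: preflight checks to run inside the Vagrant box before
# starting CIS-CAT.sh. Not part of the original post or the CIS tool.
# Assumption: the tool was extracted into the directory given as $1.

# Prints one "missing: ..." line per unmet prerequisite.
# Returns 0 only when every prerequisite is met.
cis_cat_preflight() {
    dir=$1
    rc=0

    # Step 1: the tool requires Java.
    if ! command -v java >/dev/null 2>&1; then
        echo "missing: java not found on PATH"
        rc=1
    fi

    # Step 2: the extracted files must be present in the box.
    if [ ! -f "$dir/CIS-CAT.sh" ]; then
        echo "missing: $dir/CIS-CAT.sh not found"
        rc=1
    fi

    # Step 3: sshd sets DISPLAY in the session only when X11 forwarding
    # is active. In Vagrant this is enabled with
    # "config.ssh.forward_x11 = true" in the Vagrantfile.
    if [ -z "${DISPLAY:-}" ]; then
        echo "missing: DISPLAY is empty, X11 forwarding is not active"
        rc=1
    fi

    return $rc
}

# Usage inside the box (the directory name is an assumption):
#   cis_cat_preflight "$HOME/cis-cat" && cd "$HOME/cis-cat" && sudo ./CIS-CAT.sh
```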