Automate CentOS 6 deployments with CIS Security Benchmarks already applied

A coworker heard me grumbling about Linux system administration standards and recommended that I review the CIS Security Benchmarks. After downloading the Red Hat Enterprise Linux 6 security benchmark PDF, I quickly started to see the value of the document. Some of the standards were the installation defaults, some were often forgotten settings, and some were completely brand new to me.

Automating the standards can be a little treacherous simply due to the number of things to adjust and check. I’ve created a kickstart for CentOS 6 and tossed it on GitHub:

Be sure to read the disclaimers in the README before getting started. Also, keep in mind that the kickstarts are not approved by or affiliated with the Center for Internet Security in any way. This is just something I’m offering up to the community in the hope that it helps someone.


  1. sckain says

    I’ve been looking for something like this, I didn’t want to reinvent the wheel. Is it still current? Have you come across any tools since developing the ks that implemented SCAP (or other standards) at OS install?

  2. Raman says

    Thanks for the script, it makes life easier.

    Line 206 – there is no PART variable, it should start with:
    df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev …..
