🔧 Assessment

OS Hardening — CIS Benchmarks Level 1

55+ controls checked against CIS Level 1 benchmarks for Ubuntu, RHEL/CentOS, and Windows Server. The hardening baseline every server should meet.

Start Free Assessment →Talk to Our Team

What We Assess

6 CIS Benchmark Sections

Filesystem Configuration

Kernel modules disabled (cramfs, freevxfs, etc.), /tmp mount options (noexec, nosuid, nodev), GRUB bootloader password.

Service Hardening

Legacy services removed (xinetd, telnet, rsh), NTP configured, X Window System not on servers.

Network Parameters

IP forwarding, ICMP redirects, source routing, SYN cookies, IPv6 router advertisements.

Logging & Auditing

auditd running, log rotation, rsyslog/syslog-ng active, log file permissions, PowerShell logging (Windows).

Access Controls

SSH configuration, crontab permissions, password quality, password aging, account lockout (Windows).

System Maintenance

File permissions (/etc/passwd, /etc/shadow), duplicate UIDs/GIDs, SMBv1 disabled, firewall profiles (Windows).

Who This Is For

Every server in production. CIS Level 1 is the baseline that compliance auditors, penetration testers, and insurance underwriters check first. Required by SEBI, RBI, PCI-DSS, and ISO 27001.

Compliance Frameworks Mapped

CIS Benchmarks L1SEBI CSCRFCERT-In AdvisoryISO 27001 A.12PCI-DSS Req 2

How Hardened Are Your Servers?

Run the CIS L1 assessment. Get a pass/fail score for every control with exact remediation commands.

Start Free Assessment →