Auditing an Ubuntu 20.04 or 22.04 System for CIS compliance

Auditing

An Ubuntu system can be audited for the CIS rules using the usg command.

$ sudo usg audit <PROFILE>

where PROFILE is one of the profiles listed in the compliance section.

The usg audit command automatically creates an HTML report, to be viewed in a browser, and an XML report. Both are stored in /var/lib/usg/.

Customizing the audit

Compliance with a benchmark is not an all-or-nothing task. Each environment is different, and options that are considered niche in one place can be essential in another. As such, USG allows you to tailor the profile by removing unnecessary rules and by customizing the rules that have multiple options available. See the customizing the profile section for more information.
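
One way to triage the XML report and to see how tailored-out rules affect the totals, as an added example that is not part of the original page or of USG itself. It assumes the XML report is an XCCDF 1.2 results document (the format OpenSCAP writes); the sample data and rule ids are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Assumption: the report uses the XCCDF 1.2 namespace.
NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
NEEDS_ATTENTION = {"fail", "error", "unknown"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample, not real usg output; rule ids are placeholders.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
 <TestResult id="constructed_result">
  <rule-result idref="example_rule_a" severity="medium"><result>pass</result></rule-result>
  <rule-result idref="example_rule_b" severity="low"><result>fail</result></rule-result>
  <rule-result idref="example_rule_c" severity="high"><result>fail</result></rule-result>
  <rule-result idref="example_rule_d" severity="medium"><result>notselected</result></rule-result>
  <rule-result idref="example_rule_e" severity="low"><result>pass</result></rule-result>
 </TestResult>
</Benchmark>"""

def summarize(xml_data):
    """Return (Counter of result values, [(severity, rule id)] needing attention)."""
    root = ET.fromstring(xml_data)
    counts, attention = Counter(), []
    for rr in root.iterfind(".//x:rule-result", NS):
        result = (rr.findtext("x:result", default="", namespaces=NS) or "unknown").strip()
        counts[result] += 1
        if result in NEEDS_ATTENTION:
            attention.append((rr.get("severity", "unknown"), rr.get("idref", "?")))
    # Highest severity first, then rule id for a stable order.
    attention.sort(key=lambda item: (SEVERITY_ORDER.get(item[0], 3), item[1]))
    return counts, attention

def pass_rate(counts):
    """Share of evaluated rules that passed; rules removed by tailoring
    (notselected) and notapplicable rules are left out of the denominator."""
    evaluated = counts["pass"] + sum(counts[r] for r in NEEDS_ATTENTION)
    return counts["pass"] / evaluated if evaluated else 0.0

if __name__ == "__main__":
    # Pass the path of an XML report under /var/lib/usg/, or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    counts, attention = summarize(data)
    print(dict(counts), f"pass rate {pass_rate(counts):.0%}")
    for severity, rule in attention:
        print(f"{severity:8} {rule}")
```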
