Auditing
An Ubuntu system can be audited for the CIS rules using the usg
command.
$ sudo usg audit <PROFILE>
with PROFILE
being the same profiles as in the compliance section.
The usg audit
command will automatically create an HTML report, to be viewed using a browser as well as an XML report and they will be stored at /var/lib/usg/
.
Customizing the audit
Compliance with a benchmark is not an all-or-nothing task. Each environment is different and options that are considered as niche in one place can be essential in another. As such, USG allows to tailor the profile and remove unnecessary rules, as well as customize the rules that have multiple options available. See the customizing the profile section for more information.