Update README.md to Represent Actual Hardening Abilities #219
Hello Jesse and welcome to this repository! I understand your concerns and added mentions of it inside the README file to clarify things.
The `README.md` of this project (along with the "About" section, etc.) is misleading because it conveys that this project performs Debian 10, Debian 11, and Debian 12 CIS Benchmark hardening. But, it doesn't do that and instead only performs Debian 10 CIS Benchmark hardening with the ability to run the Debian 10 hardening scripts on Debian 11 and Debian 12. That's a big difference!
For Debian 11, others have already noted that the numbers/recommendations in this project do not match the CIS Benchmark for Debian 11 (e.g. #201). But I haven't seen anyone point out that even though some recommendations overlap between Debian 10 and Debian 11 (some with the same recommendation number [e.g. `1.2.1`] and others with different recommendation numbers [e.g. Debian 10 `1.1.1.5` and Debian 11 `1.1.1.2`]), many new recommendations were introduced with the Debian 11 CIS Benchmark. Therefore, there is hardening that is being missed for Debian 11 when using this project, and a false sense of being fully compliant with the Debian 11 CIS Benchmark is being given.
For Debian 12, a CIS Benchmark for Debian 12 doesn't even exist yet, so obviously, it's impossible to harden Debian 12 servers following the Debian 12 CIS Benchmark. Again, this gives a false sense of being fully compliant with the (non-existent) Debian 12 CIS Benchmark.
Please fix the `README.md` and project description to avoid this confusion and clarify that this project is for Debian 10 CIS Benchmark hardening. I suspect and worry that many users who have used this project for Debian 11 and Debian 12 think they are hardening the servers with the associated CIS Benchmark recommendation for Debian 11 / Debian 12.