Skip to content

majodev/oci-cis-cloud-shell-guide

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 

Repository files navigation

OCI CIS Cloud Shell

This guide explains how to execute Oracle's CIS Compliance Script inside Cloud Shell. The OCI CIS Benchmark is the product of a community consensus process and consists of secure configuration guidelines developed for Oracle Cloud Infrastructure.

The goal is to quickly download a list of security recommendations for your OCI tenancy and bill of materials (BOMs) exported as CSV. Here's a sample video how this process looks like (fallback video link):

cis-report-intro-720p-social.mp4

Quickstart

This script has no prerequisites. Simply copy/paste the following commands into your Cloud Shell to build a CIS report of your tenancy:

# All files live in the cis directory in your home dir
mkdir -p ~/cis
cd ~/cis

# Remove previous report files within our current dir
rm -rf report report.zip > /dev/null

# Get the latest official CIS Compliance Script
wget https://raw.githubusercontent.com/oci-landing-zones/oci-cis-landingzone-quickstart/main/scripts/cis_reports.py

# Build the full CIS report
python3 cis_reports.py -dt --all-resources --report-directory report

# Archive all CIS report files for downloading
zip -r report.zip report

Inside Cloud Shell you should now be able to download the archived report by navigating to "Cog -> Download" (top right) and targeting this file:

cis/report.zip

Now extract that downloaded report.zip and inspect the cis_summary_report.html and for a BOM all raw_data_*.csv files in that archive.

Further information

Regarding required IAM permissions and read-only policies see here. For all further information refer to the official CIS Compliance Script repository.

About

How to execute Oracle's CIS Compliance Script inside Cloud Shell

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors