A complete, production-ready implementation of the CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0 security policies for the Fleet device management platform.
- Download the `cis-policy-queries.yml` file from this repository
- Upload to Fleet using fleetctl
- Deploy policies to your Ubuntu 24.04 LTS hosts
- Monitor compliance in Fleet dashboard
- Level 1 (Basic): Essential security configurations
- Level 2 (Advanced): Comprehensive security hardening
- All major sections: Filesystem, services, network, logging, access control, maintenance
- Initial Setup: Filesystem configuration, package management, mandatory access control
- Services: Disable unnecessary services, configure essential services
- Network: IP forwarding, packet routing, firewall configuration
- Logging & Auditing: System event monitoring, log management
- Access Control: SSH hardening, user management, authentication
- System Maintenance: File permissions, user accounts, system updates
| Component | Version | Notes |
|---|---|---|
| Fleet | 4.0+ | Device management platform |
| osquery | 5.17.0+ | Query engine |
| Ubuntu | 24.04 LTS | Target operating system |
| Permissions | Admin/Root | Required for system queries |
```bash
# Install fleetctl: https://fleetdm.com/guides/fleetctl#installing-fleetctl

# Configure Fleet connection
fleetctl config set --address https://your-fleet-instance.com

# Upload policies
fleetctl apply -f cis-policy-queries.yml
```

Each policy returns:
- 1 = PASSING/COMPLIANT (secure configuration detected)
- 0 = FAILING/NON-COMPLIANT (security issue found)
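
What that pass/fail logic looks like in a policy entry, as an added example that is not copied from this repository's `cis-policy-queries.yml`: the policy names, descriptions, resolution text and queries below are constructed for illustration. Fleet marks a host as passing when the policy query returns at least one row, so each query selects `1` only when the secure state is present and returns nothing otherwise.

```yaml
# Constructed example policies; names and text are hypothetical.
apiVersion: v1
kind: policy
spec:
  # Hypothetical policy name
  name: Example - /tmp is a separate partition
  platform: linux
  description: |
    Checks that /tmp is its own mount point rather than a directory
    on the root filesystem.
  resolution: |
    Configure a dedicated mount for /tmp (for example an entry in
    /etc/fstab) and reboot or remount.
  # One row (value 1) -> host passes. Zero rows -> host fails.
  query: |
    SELECT 1 FROM mounts WHERE path = '/tmp';
---
apiVersion: v1
kind: policy
spec:
  # Hypothetical policy name
  name: Example - nodev option set on /tmp
  platform: linux
  description: |
    Checks that the /tmp mount carries the nodev option.
  resolution: |
    Add nodev to the mount options for /tmp and remount.
  # A host with no separate /tmp mount returns zero rows here too,
  # so it fails this policy as well as the one above.
  query: |
    SELECT 1 FROM mounts WHERE path = '/tmp' AND flags LIKE '%nodev%';
```

A query written the other way round, returning a row when the insecure state is found, would report non-compliant hosts as passing, which is the main thing to check when editing queries.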
| Section | Policies | Level | Description |
|---|---|---|---|
| 1. Initial Setup | 48 | 1 & 2 | Filesystem configuration, software updates, mandatory access control, boot settings, process hardening |
| 2. Services | 26 | 1 & 2 | Time sync, special purpose services, client services |
| 3. Network | 22 | 1 & 2 | Network parameters, firewall configuration |
| 4. Logging & Auditing | 28 | 1 & 2 | rsyslog, journald, auditd configurations |
| 5. Access Control | 28 | 1 & 2 | SSH server hardening, PAM, user environment |
| 7. System File Permissions | 20 | 1 & 2 | File permissions and user/group settings |
Total: 172 comprehensive security policies
- Edit queries in the YAML file to match your environment
- Adjust tags for custom categorization
- Update descriptions for organization-specific guidance
```yaml
# Custom remediation for your environment
resolution: |
  Run the following command on your systems:
  ansible-playbook -i inventory site.yml --tags=cis-1.1.2.1.1
```

- Development: Disable certain strict policies
- Production: Enable all Level 1 + critical Level 2 policies
- Compliance: Enable all policies for audit requirements
- Fleet Documentation: https://fleetdm.com/docs
- osquery Documentation: https://osquery.readthedocs.io
- CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks
- Check existing issues before creating new ones
- Provide details: osquery version, Fleet version, error messages
- Include examples: failing queries, expected vs actual results
- Fork this repository
- Create feature branch: `git checkout -b feature/improvement-name`
- Test thoroughly with osquery and Fleet
- Submit pull request with detailed description
This project is licensed under the MIT License - see the LICENSE file for details.
- CIS Benchmarks: Policies based on CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0
- Usage Rights: Free for commercial and non-commercial use
- Warranty: Provided "as-is" without warranty
- Liability: Users responsible for testing and validation in their environments
- Center for Internet Security (CIS) for the Ubuntu 24.04 LTS Benchmark
- Fleet Team for the device management platform
- osquery Community for the query engine
- Contributors who helped test and improve these policies
- 🎯 172 policies covering comprehensive security controls
- ✅ 100% schema validated against osquery 5.17.0
- 🔧 Production tested on Ubuntu 24.04 LTS systems
- 📊 Fleet compatible with proper pass/fail logic
Ready to secure your Ubuntu fleet? Download the YAML file and start monitoring CIS compliance today! 🚀