Skip to content

Instantly share code, notes, and snippets.

@th0mas
Created January 13, 2019 19:50
Show Gist options
  • Save th0mas/30ed0b9fc7fbde0d8e3b5f930e51d337 to your computer and use it in GitHub Desktop.
Save th0mas/30ed0b9fc7fbde0d8e3b5f930e51d337 to your computer and use it in GitHub Desktop.
Ubuntu Security Best Practices
#!/usr/bin/env python3
"""
Python script that implements Ubuntu 16.04 best practices as specified by the
CIS Benchmark. Directly edits system files - use with caution haha.
Uses code from the CIS Ubuntu Linux Benchmark (v.1.10)
https://learn.cisecurity.org/benchmarks
"""
from subprocess import call as c
# Functions
def make_change(desc, cmd):
if not isinstance(cmd, list):
cmd = cmd.split(' ')
print("{}...".format(desc), end="", flush=True)
if c(cmd) == 0:
print("[SUCCESS]")
else:
print("[FAIL]")
# Disable non-crucial services
make_change("Disable printing", "systemctl disable cups")
make_change("Disable DHCP server", "systemctl disable isc-dhcp-server")
make_change("Disable DHCPv6 server", "systemctl disable isc-dhcp-server6")
make_change("Disable LDAP server", "systemctl disable slapd")
make_change("Disable DNS server", "systemctl disable bind9")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment