Commit c179a09

Merge pull request #1787 from oracle-devrel/oheimbur-250530
Updated OCI Security Health Check - Standard Edition for CIS OCI Foundation Benchmark 3.0.0
2 parents a1ef1e3 + 706df92 commit c179a09

13 files changed

+594
-320
lines changed

.DS_Store

0 Bytes
Binary file not shown.
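Review bot: `.DS_Store` is macOS Finder metadata and does not belong in the repository; if this change adds or updates it, drop the file and list `.DS_Store` in `.gitignore`.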

security/security-design/shared-assets/oci-security-health-check-standard/README.md

Lines changed: 11 additions & 13 deletions
@@ -2,9 +2,7 @@
22

33
Owner: Olaf Heimburger
44

5-
Version: 250430 (cis_report.py version 2.8.8.1) for CIS OCI Foundation Benchmark 2.0.0
6-
7-
Reviewed: 01.02.2024
5+
Version: 250530 (cis_report.py version 3.0.0.4) for CIS OCI Foundation Benchmark 3.0.0
86

97
# Introduction
108
![Flyer](./files/resources/OCI_Security_Health_Check_Standard.png)
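Review bot: The `Reviewed: 01.02.2024` line is deleted from the header instead of being updated, so the README no longer says when the asset was last reviewed; if that field is still part of the header convention, keep it with the new review date. The new version line also names `cis_report.py`, while the entry-point list further down in this file says `cis_reports.py`; use one spelling.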
@@ -38,7 +36,7 @@ The file standard.sh acts as the entry point and does the following:
3836

3937
- Automatic check for Python runtime version
4038
- Automatic venv creation and activation
41-
- Automatci installation of required Python libraries
39+
- Automatic installation of required Python libraries
4240
- Automatic **OCI Cloud Shell** and tenancy name detection
4341
- Automatic creation of timestamped output directory
4442
- Call of cis_reports.py
@@ -58,22 +56,22 @@ See the *OCI Security Health Check - Standard Edition* in action and watch the [
5856

5957
Before running the *OCI Security Health Check - Standard Edition* you should download and verify it.
6058

61-
- Download the latest distribution [oci-security-health-check-standard-250430.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.zip).
59+
- Download the latest distribution [oci-security-health-check-standard-250530.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.zip).
6260
- Download the respective checksum file:
63-
- [oci-security-health-check-standard-250430.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512).
64-
- [oci-security-health-check-standard-250430.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512256).
61+
- [oci-security-health-check-standard-250530.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512).
62+
- [oci-security-health-check-standard-250530.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512256).
6563
- Verify the integrity of the distribution. Both files must be in the same directory (for example, in your downloads directory).
6664

6765
On MacOS:
6866
```
6967
cd <your_downloads_directory>
70-
shasum -a 512256 -c oci-security-health-check-standard-250430.sha512256
68+
shasum -a 512256 -c oci-security-health-check-standard-250530.sha512256
7169
```
7270
7371
On Linux (including Cloud Shell):
7472
```
7573
cd <your_downloads_directory>
76-
sha512sum -c oci-security-health-check-standard-250430.sha512
74+
sha512sum -c oci-security-health-check-standard-250530.sha512
7775
```
7876
7977
**Reject the downloaded file if the check fails!**
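Review bot: In the download list, the `.sha512` and `.sha512256` files are linked from the same `raw/main/.../files/resources/` path as the ZIP, so `sha512sum -c` and `shasum -a 512256 -c` only show that the download was not corrupted, not that it came from the owner: anyone able to change the ZIP at that location can change the checksum next to it. Consider stating that limit next to "Verify the integrity of the distribution", publishing the digest through a second channel or signing the release, and linking to a tag or commit instead of the moving `main` branch.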
@@ -86,10 +84,10 @@ In OCI Cloud Shell you can do a short cut without downloading the files mentione
8684
2. Open Cloud Shell
8785
3. Run these commands in your Cloud Shell:
8886
```
89-
wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.zip
90-
wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512
91-
sha512sum -c oci-security-health-check-standard-250430.sha512
92-
unzip -q oci-security-health-check-standard-250430.zip
87+
wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.zip
88+
wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512
89+
sha512sum -c oci-security-health-check-standard-250530.sha512
90+
unzip -q oci-security-health-check-standard-250530.zip
9391
```
9492
9593
## Prepare the OCI Tenancy
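Review bot: In the Cloud Shell block the four commands are independent lines, so when they are pasted together `unzip -q` still runs after a failed `sha512sum -c`, and `wget -q` hides a failed download. Chain them with `&&`, for example `sha512sum -c oci-security-health-check-standard-250530.sha512 && unzip -q oci-security-health-check-standard-250530.zip`, so extraction only happens after a successful check.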

security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.md

Lines changed: 15 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
Owner: Olaf Heimburger
44

5-
Version: 250430 (cis_report.py version 2.8.8.1) for CIS OCI Foundation Benchmark 2.0.0
5+
Version: 250530 (cis_report.py version 3.0.0.4) for CIS OCI Foundation Benchmark 3.0.0
66

77
## When to use this asset?
88

@@ -31,7 +31,7 @@ The file standard.sh acts as the entry point and does the following:
3131

3232
- Automatic check for Python runtime version
3333
- Automatic venv creation and activation
34-
- Automatci installation of required Python libraries
34+
- Automatic installation of required Python libraries
3535
- Automatic **OCI Cloud Shell** and tenancy name detection
3636
- Automatic creation of timestamped output directory
3737
- Call of cis_reports.py
@@ -47,22 +47,22 @@ Tested on **OCI Cloud Shell** with **Public network**, **Oracle Linux**, **MacOS
4747

4848
Before running the *OCI Security Health Check - Standard Edition* you should download and verify it.
4949

50-
- Download the latest distribution [oci-security-health-check-standard-250430.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.zip).
50+
- Download the latest distribution [oci-security-health-check-standard-250530.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.zip).
5151
- Download the respective checksum file:
52-
- [oci-security-health-check-standard-250430.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512).
53-
- [oci-security-health-check-standard-250430.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250430.sha512256).
52+
- [oci-security-health-check-standard-250530.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512).
53+
- [oci-security-health-check-standard-250530.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-250530.sha512256).
5454
- Verify the integrity of the distribution. Both files must be in the same directory (for example, in your downloads directory).
5555

5656
On MacOS:
5757
```
5858
cd <your_downloads_directory>
59-
shasum -a 512256 -c oci-security-health-check-standard-250430.sha512256
59+
shasum -a 512256 -c oci-security-health-check-standard-250530.sha512256
6060
```
6161
6262
On Linux (including Cloud Shell):
6363
```
6464
cd <your_downloads_directory>
65-
sha512sum -c oci-security-health-check-standard-250430.sha512
65+
sha512sum -c oci-security-health-check-standard-250530.sha512
6666
```
6767
6868
**Reject the downloaded file when the check fails!**
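Review bot: This download-and-verify section repeats the one in the top-level README with the release id `250530` hard-coded in every link and command, and the two copies already differ in the closing warning ("if the check fails" there, "when the check fails" here). Keep one wording, and consider maintaining the section in one file and linking to it so the next release bump is a single edit.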
@@ -207,7 +207,7 @@ allow group 'Default'/'grp-auditors' to inspect vcns in compartment <compartment
207207
- Upload the distribution file.
208208
- Extract it
209209
```
210-
unzip -q oci-security-health-check-standard-250430.zip
210+
unzip -q oci-security-health-check-standard-250530.zip
211211
```
212212
213213
#### Run the script
@@ -281,11 +281,11 @@ allow group 'Default'/'grp-auditors' to inspect vcns in compartment <compartment
281281
Follow the instructions to select /usr/bin/python3.9
282282
- Log out
283283
284-
- From your desktop, upload the `oci-security-health-check-standard-250430.zip` file to the Compute VM using any SFTP client.
284+
- From your desktop, upload the `oci-security-health-check-standard-250530.zip` file to the Compute VM using any SFTP client.
285285
- Log into the Compute VM
286286
- Extract the distribution
287287
```
288-
unzip -q oci-security-health-check-standard-250430.zip
288+
unzip -q oci-security-health-check-standard-250530.zip
289289
```
290290
- Change directory into `oci-security-health-check-standard`:
291291
```
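Review bot: In the Compute VM steps the ZIP is uploaded over SFTP and then extracted with `unzip -q` with no integrity check on the VM. Suggest uploading the `.sha512` file as well and adding a `sha512sum -c oci-security-health-check-standard-250530.sha512` step before "Extract the distribution".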
@@ -343,7 +343,11 @@ The report results are summarized in two files:
343343
344344
## Known Issues
345345
346-
No known issues.
346+
1. Python 3.8 is not supported anymore.
347+
OCI Cloud Shell is the minimal required environment. The Python version used in OCI Cloud Shell is 3.9.
348+
2. Diagrams are not part of the HTML page.
349+
This may be because of broken `numpy installation`. The following command should resolve this:
350+
`pip3 install --upgrade --force-reinstall --user numpy`
347351
348352
## Credits
349353
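Review bot: In known issue 2, `pip3 install --upgrade --force-reinstall --user numpy` uses `--user`, but this README says `standard.sh` creates and activates a venv; pip refuses `--user` inside a venv that does not expose user site-packages, and outside the venv the reinstall lands in the user site rather than in the environment the script uses. Say where the command is to be run, or drop `--user` and run it in the activated venv. Also, the backticks should wrap `numpy` only, not `numpy installation`, and the explanation lines need indentation to stay inside their numbered list items.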

security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
OCI Security Health Check - Standard Edition
33
============================================
44
Owner: Olaf Heimburger
5-
Version: 250430 (cis_report.py version 2.8.8.1) for CIS OCI Foundation Benchmark 2.0.0
5+
Version: 250530 (cis_report.py version 3.0.0.4) for CIS OCI Foundation Benchmark 3.0.0
66

77
When to use this asset?
88

@@ -37,7 +37,7 @@ The file standard.sh acts as the entry point and does the following:
3737

3838
- Automatic check for Python runtime version
3939
- Automatic venv creation and activation
40-
- Automatci installation of required Python libraries
40+
- Automatic installation of required Python libraries
4141
- Automatic OCI Cloud Shell and tenancy name detection
4242
- Automatic creation of timestamped output directory
4343
- Call of cis_reports.py
@@ -112,7 +112,7 @@ Usage
112112
- From the menu select the Cloud Shell item.
113113
- When running it the first time:
114114
- Upload the provided ZIP file.
115-
- Extract it with unzip -q oci-security-health-check-standard-250430.zip
115+
- Extract it with unzip -q oci-security-health-check-standard-250530.zip
116116
- Change directory into oci-security-health-check-standard
117117
$ cd oci-security-health-check-standard
118118
$ screen
@@ -169,11 +169,11 @@ Usage
169169
- Log out
170170

171171
- From your desktop, upload the
172-
"oci-security-health-check-standard-250430.zip" file to the Compute VM
172+
"oci-security-health-check-standard-250530.zip" file to the Compute VM
173173
using any SFTP client.
174174
- Log into the Compute VM
175175
- Extract the distribution
176-
unzip -q oci-security-health-check-standard-250430.zip
176+
unzip -q oci-security-health-check-standard-250530.zip
177177

178178
- Change directory into "oci-security-health-check-standard":
179179
cd oci-security-health-check-standard
@@ -221,7 +221,11 @@ Usage
221221

222222
5 Known Issues
223223

224-
No known issues.
224+
1. Python 3.8 is not supported anymore.
225+
OCI Cloud Shell is the minimal required environment. The Python version used in OCI Cloud Shell is 3.9.
226+
2. Diagrams are not part of the HTML page.
227+
This may be because of broken `numpy installation`. The following command should resolve this:
228+
`pip3 install --upgrade --force-reinstall --user numpy`
225229

226230
6 Credits
227231
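Review bot: The added Known Issues text uses Markdown backticks (around `numpy installation` and around the `pip3 install` command) in a plain-text file that elsewhere quotes names with double quotes and shows commands on indented lines. Match the file's own style here, and indent the explanation lines under items 1 and 2 like the other list continuations in this file.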

security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/requirements.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ pytz
33
pandas
44
openpyxl>=3.1.5
55
pyyaml>=6.0
6-
oci>=2.147.0
6+
oci>=2.152.1
77
requests
88
matplotlib
99
numpy
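Review bot: Only the lower bound of `oci` is raised; `pytz`, `pandas`, `requests`, `matplotlib` and `numpy` stay unpinned and `oci`, `openpyxl` and `pyyaml` have no upper bound, so each automatic install into a fresh venv can resolve to different, untested versions. For a tool that is run against a tenancy, consider pinning the exact versions that were tested with release 250530, ideally with hashes so the install can use `pip install --require-hashes`.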
