Support Information for CIS Benchmarks and CIS Hardened Images for Oracle Linux
(Doc ID 2949651.1)
Last updated on MAY 19, 2023
Applies to:Linux OS - Version Oracle Linux 7.0 to Oracle Linux 9.0 [Release OL7 to OL9]
This document provides answers to frequently asked questions about the CIS Benchmarks and CIS hardened images for Oracle Linux.
What are the CIS Benchmarks and CIS hardened images for Oracle Linux?
The Center for Internet Security, Inc. (CIS) is a community-driven nonprofit organization. They produce the CIS Benchmarks which consist of secure configuration guidelines and are developed through their process. CIS hardened images are pre-configured images with applicable CIS Benchmarks for Oracle Linux. CIS has provided CIS hardened Oracle Linux images through several of the major cloud service provider marketplaces.
Does Oracle support CIS Benchmarks for Oracle Linux?
Oracle currently does not support CIS Benchmarks for Oracle Linux. Customers obtain support directly from CIS and its community.
How is Oracle Linux supported if it's a CIS hardened image or Oracle Linux has been applied with CIS Benchmarks manually?
For customers that are running Oracle Linux with valid Oracle Linux support subscriptions, Oracle Support will assist customers in the following manner when they are using CIS hardened images or Oracle Linux has been applied with CIS Benchmarks manually:
- Customers are responsible for CIS hardened image bringup and the implementation of CIS Benchmarks for Oracle Linux.
- Once the Oracle Linux instance is running, technical support is provided for issues (including issues that you create) that are demonstrable in the currently supported release(s) of the Oracle Linux, running unaltered, and on an appropriate architecture and hardware configurations, as specified on https://linux.oracle.com/hardware-certifications.
Visit the Oracle Open Source Support Policies document which is the primary document used to communicate Oracle Linux Support Policies for customer deployments on-premises or in the cloud.
Is there any alternative to CIS Benchmarks and CIS hardened images for Oracle Linux that are provided by Oracle?
Yes, Oracle provides Oracle Linux STIG image, an implementation of Oracle Linux that follows the Security Technical Implementation Guide (STIG), released by the Defense Information Systems Agency (DISA).
STIGs describe how to harden Linux systems to reduce the overall attack surface. STIGs also describe maintenance processes such as software updates and vulnerability patching. Oracle has implemented the published STIG in Security Content Automation Protocol (SCAP) format and included it in the latest release of the scap-security-guide package for Oracle Linux 9, 8 and 7. This can be used in conjunction with the OpenSCAP tool shipped with Oracle Linux to validate a server against the published implementation guide. The validation process can also suggest remediation in cases where compliance is not met.
Visit Oracle Linux documentation to learn how to run a STIG compliance scan with OpenSCAP.
- Oracle Linux 9: Using OpenSCAP for Security Compliance
- Oracle Linux 8: Using OpenSCAP for Security Compliance
- Oracle Linux 7 Security Guide
Oracle Linux team has released Oracle Linux STIG images in Oracle Cloud Infrastructure:
Moreover, you can automate STIG remediation using Oracle Linux Automation Manager.
Oracle Linux provides a complete security stack, from network firewall control to access control security policies, and is designed to be secure by default.
Visit Oracle Linux Documentation to learn the Oracle Linux details and the best practices to secure Oracle Linux deployments.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|What are the CIS Benchmarks and CIS hardened images for Oracle Linux?|
|Does Oracle support CIS Benchmarks for Oracle Linux?|
|How is Oracle Linux supported if it's a CIS hardened image or Oracle Linux has been applied with CIS Benchmarks manually?|
|Is there any alternative to CIS Benchmarks and CIS hardened images for Oracle Linux that are provided by Oracle?|