Still can't find what you're looking for?Run Benchmark
Cloudhouse Guardian (Guardian) provides a list of Center for Internet Security (CIS) benchmarks that can be applied to a node or node group to ensure that they are compliant with the parameters stipulated by the CIS. The following topic describes how to run a benchmark against a node or node group, to check the overall security of the node's configuration. For more information on the benchmarks provided by Guardian, see Benchmarks (
Get Started
The benchmarks library is updated at the start of each quarter, or as needed, based on standards released by CIS. Before assigning a benchmark, it may be beneficial to explore the current list of benchmarks and assess which one(s) you'd like to apply and to which nodes.
Note: If there is a benchmark missing that you would like to be added, please contact your Cloudhouse Representative or email helpdesk@cloudhouse.com to raise a support ticket.
If you are just starting out with benchmarks, it may be useful to start with the following tasks:
-
Choose a single benchmark that can be applied to a small group of nodes. For example, you could apply aspects of the 'CIS Red Hat 7' benchmark on all your RHEL 7 nodes.
-
If the benchmark you want to apply is tiered, start with the Level 1 checks.
-
Look at each of the checks included within a benchmark and assess which aspects you may want to apply to your target node(s). For example, the 'RHEL 6 Level 1' benchmark contains user access control checks in section 5 that may be of use to specific node types.
Run a Benchmark Against a Target
In the Benchmarks tab (Control > Benchmarks), locate the benchmark that you want to run. Then, select 'Run' from the View drop-down list. The Select the target dialog is displayed. Here, you can choose whether to apply the benchmark to a singular node, or a group of nodes. Additionally, you can use the search box to filter your results if you are looking for a particular target. Click Select to apply the benchmark to an individual node or node group.
Note: To run a benchmark against a target, the node or node group must be configured correctly, with an Agent or Connection Manager online and available to process requests. For more information, see Connection Managers.
Once selected, the Job Processing dialog is displayed and the benchmark is triggered to be run against the target node(s), or node group(s). Depending on the size of the target, this may take a few minutes to process. For more information, see Job History (Control > Job History).
Click to access the Job History tab, where you can check the progress of the job run. Once the job is complete, the Status will display as Succeeded (
). If the job fails, you can click on the job to display information about the cause of failure. For more information, see Job History.
