Documentation
How to use this tool, practical use cases, and technical notes.
The CIS Linux Benchmark Checklist is a review-tracking tool — not an automated scanner. You run the audit commands on your Linux hosts, evaluate the output against the expected state, and mark each control complete in the checklist. Here is the full step-by-step workflow.
Step 1 — Open the Tool
Navigate to the checklist at pentesterworld.com. The tool loads instantly in your browser with 0/6 items complete and a 0% hardening review score. No login, no installation, and no extensions required.
Step 2 — Prepare Your Linux Host for Review
Before working through each item, ensure you have terminal access to the target host with sufficient privileges to run audit commands. Most checks require either root access or sudo rights.
Access methods by environment:
Environment | Recommended Access Method |
|---|---|
Physical / bare-metal server | Direct console or SSH session |
Virtual machine (VMware, VirtualBox) | SSH or VM console |
Cloud instance (AWS EC2, GCP VM, Azure VM) | SSH via key pair; use Session Manager for keyless access |
Container (Docker, LXC) |
|
Kubernetes pod |
|
Step 3 — Work Through Each Domain Tab
The tool organizes checks across six tabs. You can work through all items on the "All" tab or focus on one domain at a time:
Tab | Check | Audit Command to Run |
|---|---|---|
Filesystem | cramfs disabled |
|
Permissions | /etc/passwd mode 644 |
|
SSH | PermitRootLogin no |
|
Authentication | PAM password quality |
|
Logging | auditd enabled |
|
Network | Firewall active |
|
Step 4 — Interpret Audit Command Output
For each check, compare your command output against the expected compliant state:
Check | Non-Compliant Output | Compliant Output |
|---|---|---|
cramfs disabled | Module loads without error |
|
/etc/passwd permissions | Mode | Mode |
SSH PermitRootLogin |
|
|
Password requirements | No pwquality.conf or all defaults |
|
auditd status |
|
|
Firewall status |
|
|
Step 5 — Mark Items Complete
Only mark an item complete when your audit command output confirms the compliant state on the target system. The progress bar updates in real time:
Score | Hardening Posture Interpretation |
|---|---|
0 / 6 (0%) | No hardening in place — default OS install state; high-risk |
1–2 / 6 (17–33%) | Minimal hardening — significant attack surface exposed |
3–4 / 6 (50–67%) | Partial hardening — common misconfigurations remain |
5 / 6 (83%) | Strong hardening — one gap remaining; typically low risk |
6 / 6 (100%) | All selected controls verified — strong CIS baseline posture |
Step 6 — Remediate Non-Compliant Items
For any item marked incomplete, apply the remediation below before re-running the audit command:
Check | Remediation Command / Action |
|---|---|
Disable cramfs |
|
Fix /etc/passwd permissions |
|
Disable SSH root login | Edit |
Set password requirements | Install |
Enable auditd |
|
Activate firewall | Ubuntu: |
Step 7 — Export Your Report
Click "Copy report" to export your review state to the clipboard. Paste the output into:
An internal wiki, Confluence page, or Notion doc as evidence of your hardening review
A GRC platform evidence attachment for your CIS benchmark compliance documentation
A ticketing system (Jira, ServiceNow) to track open remediation items
An audit evidence package for an external auditor or customer security review
Step 8 — Repeat Per Host
This checklist tracks the review state for a single host session. For environments with multiple Linux servers, repeat the process per host. Consider creating a simple naming convention in your exported report to distinguish servers (e.g., "web-prod-01", "db-prod-02", "bastion").
The CIS Linux Benchmark Checklist is a review-tracking tool — not an automated scanner. You run the audit commands on your Linux hosts, evaluate the output against the expected state, and mark each control complete in the checklist. Here is the full step-by-step workflow.
Step 1 — Open the Tool
Navigate to the checklist at pentesterworld.com. The tool loads instantly in your browser with 0/6 items complete and a 0% hardening review score. No login, no installation, and no extensions required.
Step 2 — Prepare Your Linux Host for Review
Before working through each item, ensure you have terminal access to the target host with sufficient privileges to run audit commands. Most checks require either root access or sudo rights.
Access methods by environment:
Environment | Recommended Access Method |
|---|---|
Physical / bare-metal server | Direct console or SSH session |
Virtual machine (VMware, VirtualBox) | SSH or VM console |
Cloud instance (AWS EC2, GCP VM, Azure VM) | SSH via key pair; use Session Manager for keyless access |
Container (Docker, LXC) |
|
Kubernetes pod |
|
Step 3 — Work Through Each Domain Tab
The tool organizes checks across six tabs. You can work through all items on the "All" tab or focus on one domain at a time:
Tab | Check | Audit Command to Run |
|---|---|---|
Filesystem | cramfs disabled |
|
Permissions | /etc/passwd mode 644 |
|
SSH | PermitRootLogin no |
|
Authentication | PAM password quality |
|
Logging | auditd enabled |
|
Network | Firewall active |
|
Step 4 — Interpret Audit Command Output
For each check, compare your command output against the expected compliant state:
Check | Non-Compliant Output | Compliant Output |
|---|---|---|
cramfs disabled | Module loads without error |
|
/etc/passwd permissions | Mode | Mode |
SSH PermitRootLogin |
|
|
Password requirements | No pwquality.conf or all defaults |
|
auditd status |
|
|
Firewall status |
|
|
Step 5 — Mark Items Complete
Only mark an item complete when your audit command output confirms the compliant state on the target system. The progress bar updates in real time:
Score | Hardening Posture Interpretation |
|---|---|
0 / 6 (0%) | No hardening in place — default OS install state; high-risk |
1–2 / 6 (17–33%) | Minimal hardening — significant attack surface exposed |
3–4 / 6 (50–67%) | Partial hardening — common misconfigurations remain |
5 / 6 (83%) | Strong hardening — one gap remaining; typically low risk |
6 / 6 (100%) | All selected controls verified — strong CIS baseline posture |
Step 6 — Remediate Non-Compliant Items
For any item marked incomplete, apply the remediation below before re-running the audit command:
Check | Remediation Command / Action |
|---|---|
Disable cramfs |
|
Fix /etc/passwd permissions |
|
Disable SSH root login | Edit |
Set password requirements | Install |
Enable auditd |
|
Activate firewall | Ubuntu: |
Step 7 — Export Your Report
Click "Copy report" to export your review state to the clipboard. Paste the output into:
An internal wiki, Confluence page, or Notion doc as evidence of your hardening review
A GRC platform evidence attachment for your CIS benchmark compliance documentation
A ticketing system (Jira, ServiceNow) to track open remediation items
An audit evidence package for an external auditor or customer security review
Step 8 — Repeat Per Host
This checklist tracks the review state for a single host session. For environments with multiple Linux servers, repeat the process per host. Consider creating a simple naming convention in your exported report to distinguish servers (e.g., "web-prod-01", "db-prod-02", "bastion").