Jump to content

Conduct Regular Compliance Audits

Jessica Brown
Jessica Brown
in Server Administration

Featured Replies

Posted

You are reading Part 51 of the 57-part series: Harden and Secure Linux Servers. [Level 6]

This series covers progressive security measures, from fundamental hardening techniques to enterprise-grade defense strategies. Each article delves into a specific security practice, explaining its importance and providing step-by-step guidance for implementation.

To explore more security best practices, visit the main guide for a full breakdown of all levels and recommendations.

Compliance audits ensure that your Linux servers meet regulatory and security standards such as:

🔹 GDPR (General Data Protection Regulation) – Requires data encryption, access logging, and privacy protections.
🔹 HIPAA (Health Insurance Portability and Accountability Act) – Mandates strong authentication, encryption, and logging for healthcare data.
🔹 PCI-DSS (Payment Card Industry Data Security Standard) – Enforces firewalls, access control, and log monitoring for financial transactions.
🔹 ISO 27001/NIST – Defines security frameworks for managing risk and information security.

Regular audits help:
✅ Identify and fix security gaps before attackers exploit them.
✅ Ensure compliance with industry and legal regulations.
✅ Improve accountability through logging and monitoring.

How to Conduct Compliance Audits on Linux Servers

1. Use Auditd for System Auditing

Auditd is a built-in Linux auditing system that tracks file access, user activity, and security events.

Step 1: Install and Enable Auditd
sudo apt install auditd -y   # Debian/Ubuntu
sudo yum install audit -y    # CentOS/RHEL
sudo systemctl enable --now auditd
Step 2: Configure Audit Rules for Compliance Checks

Define security policies in /etc/audit/rules.d/audit.rules:

sudo nano /etc/audit/rules.d/audit.rules

Add rules to monitor critical system files:

-w /etc/passwd -p wa -k passwd_changes     # Log password file changes
-w /var/log/auth.log -p wa -k auth_logs    # Track authentication logs
-w /etc/ssh/sshd_config -p wa -k ssh_changes  # Monitor SSH configuration changes

Save the file and restart Auditd:

sudo systemctl restart auditd
Step 3: Review Audit Logs for Compliance Issues

Check audit logs for suspicious activity:

sudo ausearch -k auth_logs --start today
2. Use OpenSCAP for Automated Compliance Auditing

OpenSCAP scans your system against security benchmarks (e.g., CIS, PCI-DSS, STIG).

Step 1: Install OpenSCAP
sudo apt install scap-security-guide openscap-scanner -y   # Ubuntu/Debian
sudo yum install scap-security-guide openscap -y           # CentOS/RHEL
Step 2: Run a Compliance Scan Against a Benchmark
oscap xccdf eval --profile cis --results scan_results.xml /usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml

🔹 Output will show compliance status and any failed checks.

Step 3: Generate a Compliance Report

Convert the scan results into an HTML report:

oscap xccdf generate report scan_results.xml > compliance_report.html

🔹 Open the compliance_report.html file in a browser for a detailed audit report.

3. Set Up Scheduled Compliance Audits

Automate compliance checks by scheduling Auditd and OpenSCAP scans using cron jobs.

Schedule a Weekly Compliance Audit
sudo crontab -e

Add:

0 3 * * 0 oscap xccdf eval --profile cis --results /var/log/compliance_scan.xml /usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml

🔹 This automatically scans the system every Sunday at 3 AM.

4. Address Compliance Issues and Maintain Audit Records
Step 1: Review Compliance Findings

Analyze OpenSCAP reports and Auditd logs to identify non-compliant configurations.

Step 2: Implement Fixes for Detected Issues

  • If OpenSCAP reports missing security patches:

    sudo apt update && sudo apt upgrade -y

  • If weak SSH settings are found:

    sudo nano /etc/ssh/sshd_config

    Set:

    PermitRootLogin no
PasswordAuthentication no

    Restart SSH:

    sudo systemctl restart sshd
Step 3: Maintain an Audit Trail

Keep logs of compliance scans, fixes, and security changes for future audits.

Store logs in a secure location:

sudo tar -czvf /backup/compliance_logs.tar.gz /var/log/compliance_scan.xml /var/log/audit/

🔹 This ensures traceability and accountability for compliance audits.

Best Practices for Compliance Auditing

✅ Automate compliance scans with OpenSCAP and Auditd.
✅ Monitor security logs for unauthorized access or configuration changes.
✅ Document security fixes and maintain an audit log for regulatory compliance.
✅ Schedule periodic audits to catch security issues before they become risks.
✅ Ensure all critical services (SSH, authentication, encryption) are configured securely.

By conducting regular compliance audits, you maintain security best practices, meet regulatory requirements, and reduce security risks, ensuring a hardened and compliant Linux environment.

  • Quote
    • Views 56
    • Created
    • Last Reply

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Reply to this topic...
    Go to topic listing

    Important Information

    Terms of Use Privacy Policy Guidelines We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.