SecureBaseline Cloud

SecureBaseline Cloud is an automated hardening platform for Linux servers based on CIS Benchmarks. The solution identifies and remediates OS configuration vulnerabilities, ensuring compliance with information security requirements.

What’s New in v1.2.3

Instant vulnerability scanning. CVE and OVAL databases are now pre-installed in the image. The first scan starts immediately after deployment — no more waiting for the 30-minute synchronization that was previously required.

FSTEC BDU database with 74,000+ entries. For organizations operating under Russian information security standards, the full FSTEC threat and vulnerability database is integrated. Updates are automatic.

Improved automated remediation. Two-pass automated hardening increases CIS compliance from 67.7% to 78%. Every change is recorded in the audit log down to the individual rule level.

Support for 10+ Linux distributions. Ubuntu 22.04/24.04, Debian 11/12, RHEL 8/9, CentOS 8/9, Oracle Linux, AlmaLinux, Rocky Linux, Amazon Linux 2/2023, Fedora, SLES 15, openSUSE Leap. A single tool for your entire server fleet.

LLM integration. Added support for ChatGPT and Azure LLM.

Russian Linux distributions. Added support for Astra Linux, RED OS, ALT Linux, Rosa Linux, OSnova, Simply Linux and other domestic distributions based on Debian/RHEL.

Problems It Solves

• Manual security configuration — automates routine operations for configuring hundreds of OS security parameters
• Lack of a unified standard — applies recognized CIS Benchmarks across all servers in the infrastructure
• Audit complexity — automatic generation of compliance reports with per-rule detail
• Risk of human error — uses proven roles instead of manual changes
• Lack of visibility — centralized dashboard with compliance metrics across the entire infrastructure

Key Capabilities

Compliance Scanning

• Server scanning for CIS Benchmark compliance
• Support for virtually all popular Linux distributions
• Detailed reports
• Compliance score trend tracking

Automated Hardening

• Automatic application of CIS recommendations
• Granular control: enable/disable individual rules
• CIS Level 1 and Level 2 profiles and many others
• Safe preview mode before applying changes

Centralized Management

• Web interface for managing hosts and tasks
• Scheduler for regular scanning (cron)

• Generate an SSH key pair to connect to your virtual machine (VM).

• Create a VM from a public image. In the Image/boot disk selection section, go to the Cloud Marketplace tab and choose haas. In the Access section:

  • In the Login field, enter a username, for example ubuntu;
  • In the SSH key field, paste the contents of your public SSH key file.
    Save the public IP address of the VM.

• Connect to the VM via SSH. Use the login your-username and the private SSH key you generated earlier.

• Connect to vm via ssh all credentials will be in the file /var/lib/haas/credentials.txt

• Open in your browser https://ip_vm

1. Security Audit Preparation

   • Full infrastructure scanning
   • Compliance report generation
   • Remediation of identified non-conformities

2. Regular Monitoring

   • Weekly scheduled scanning
   • Compliance trend tracking
   • Alerting on metric degradation

3. Mass Hardening

   • Centralized policy application
   • Phased implementation (Level 1 to Level 2)
   • Rollback capability when needed

OpenNix provides technical support to users in Yandex Cloud. You can contact their technical support by email at support@opennix.ru. Support engineers are available on business days from 9 am to 6 pm GMT+3.