SecureBaseline Cloud

SecureBaseline Cloud is an automated hardening platform for Linux servers compliant with international CIS Benchmarks standards. The solution identifies and remediates operating system configuration vulnerabilities, ensuring compliance with information security requirements.

Problems Solved

• Manual security configuration — automates routine operations for configuring hundreds of OS security parameters
• Lack of unified standards — applies industry-recognized CIS Benchmarks across all infrastructure servers
• Audit complexity — automatically generates compliance reports with per-rule detail
• Human error risk — uses proven Ansible roles instead of manual changes
• Lack of visibility — centralized dashboard with compliance metrics across entire infrastructure

Key Features

Compliance Scanning (OpenSCAP)

• Server scanning for CIS Benchmark compliance
• Support for Ubuntu 20.04/22.04, Debian 11/12, RHEL/CentOS/Oracle Linux 8/9, Amazon Linux 2023 and many other
• Detailed reports in HTML, XML, PDF formats
• Compliance score tracking over time

Automated Hardening

• Automatic application of CIS recommendations
• Granular control: enable/disable individual rules
• CIS Level 1 and Level 2 profiles
• Safe preview mode for changes

Centralized Management

• Web interface for host and task management
• Scheduler for regular scanning (cron)

• Generate an SSH key pair to connect to your virtual machine (VM).

• Create a VM from a public image. In the Image/boot disk selection section, go to the Cloud Marketplace tab and choose haas. In the Access section:

  • In the Login field, enter a username, for example ubuntu;
  • In the SSH key field, paste the contents of your public SSH key file.
    Save the public IP address of the VM.

• Connect to the VM via SSH. Use the login your-username and the private SSH key you generated earlier.

• Connect to vm via ssh all credentials will be in the file /var/lib/haas/credentials.txt

1. Security Audit Preparation

   • Full infrastructure scanning
   • Compliance report generation
   • Remediation of identified non-conformities

2. Regular Monitoring

   • Weekly scheduled scanning
   • Compliance trend tracking
   • Alerting on metric degradation

3. Mass Hardening

   • Centralized policy application
   • Phased implementation (Level 1 to Level 2)
   • Rollback capability when needed

OpenNix provides technical support to users in Yandex Cloud. You can contact their technical support by email at support@opennix.ru. Support engineers are available on business days from 9 am to 6 pm GMT+3.