Unable to pass government audits. Flatcar is likely significantly more secure than other Linux distributions; however, we still need CIS Benchmark reports to prove this to auditors.
Partner with CIS Security org to get an official benchmark for Flatcar Linux
Alternatively work through the "Distribution Independent Linux" & "Docker" benchmarks guides
Current situation
CIS folder in source code is over 2 years old: https://github.com/flatcar/Flatcar/pull/682/files/9302533faf8f2f2e6ea9ea9e481302ed838a5c08
"CIS" search on Flatcar.org returns no results.
Unable to show server configuration is secure and configured to secure standards.
Impact
Unable to pass government audits. Flatcar is likely significantly more secure than other Linux distributions; however, we still need CIS Benchmark reports to prove this to auditors.
Ideal future situation
https://www.cisecurity.org/cis-benchmarks should have a benchmark for Flatcar Linux.
Update the https://github.com/flatcar/Flatcar/tree/main/CIS folder and publish the results with each Stable and LTS build.
Create a new page, https://www.flatcar.org/docs/latest/setup/security/CIS_Benchmarks - this page should have a high-level overview and then go into technical details of why an individual control is not applicable to the design of Flatcar. Goal should be to document the current results of the current Stable and LTS builds "as is" rather than coding fixes.
Implementation options
Additional information
There used to be a CIS webpage for Flatcar a few years back, but it appears to have disappeared. This webpage had some good highlights on why some of the CIS Benchmarks were not applicable to Flatcar due to its read-only, no-package-manager, secure-by-design nature...
Currently working in Azure, and Flatcar does not integrate with security.microsoft.com to show vulnerabilities and recommendations in Azure. Thus we need a CIS report to show compliance.