How to enable CIS#


On Focal (and later releases), CIS was replaced by USG, therefore, just change cis to usg when running the enable command on those releases.

To access the CIS tooling, first enable the software repository as follows:

$ sudo pro enable cis

You should see output like the following, indicating that the CIS package has been installed:

Installing CIS Audit packages
CIS Audit enabled
Visit to learn how to use CIS

Once the feature is enabled please follow the documentation for the CIS tooling, to run the provided hardening audit scripts.

Disable the service#

If you wish to disable cis/usg, you can use the following command:

sudo pro disable cis

Note that this command will only remove the APT sources, but not uninstall the packages installed with the service.

To purge the service, removing the APT packages installed with it, see how to disable and purge services. This will not remove any configuration, only remove the packages.