SecureBaseline Cloud - All-in-One

Automated CIS Benchmarks Compliance for Linux Servers

SecureBaseline Cloud is a comprehensive security hardening platform that automates CIS Benchmark compliance scanning, remediation, and monitoring for Linux servers. Deploy as a single All-in-One VM with embedded PostgreSQL and Redis -- no external dependencies required.

Key Features

• Compliance Scanning -- OpenSCAP-based scanning against CIS Benchmarks Level 1 and Level 2 profiles
• Automated Hardening -- Ansible-powered remediation applies CIS rules with one click
• Vulnerability Scanning -- Vuls.io integration scans for CVEs across 5000+ advisories
• AI Assistant -- LLM-powered diagnostics, rule explanations, and remediation suggestions (Azure OpenAI, OpenAI compatible)
• Scheduling -- Automated periodic scans with compliance drift alerts
• Multi-OS Support -- Ubuntu 22.04/24.04, Debian 11/12, RHEL/CentOS/Alma/Rocky 8-9, Amazon Linux 2/2023, SLES 15, openSUSE Leap, Fedora
• FSTEC BDU -- Russian FSTEC vulnerability database integration (auto-synced)
• Reports -- Export compliance reports in JSON, CSV, HTML, and ARF formats

How It Works

1. Deploy the All-in-One VM from Azure Marketplace
2. Log in to the web UI (HTTPS, self-signed certificate)
3. Add target Linux hosts (SSH access required)
4. Select a CIS Benchmark profile and run a compliance scan
5. Review results and apply hardening with one click
6. Schedule periodic scans to monitor compliance drift

Architecture

Single VM with all components: API server, background worker, Nginx reverse proxy, PostgreSQL 16, Redis 7, Vuls vulnerability server, OpenSCAP scanner, and Ansible hardening engine. No external database or message queue required.

Recommended VM Sizes

• Standard_D4s_v3 (4 vCPU, 16 GB RAM) -- up to 50 managed hosts
• Standard_D8s_v3 (8 vCPU, 32 GB RAM) -- up to 200 managed hosts
• Standard_D16s_v3 (16 vCPU, 64 GB RAM) -- 200+ managed hosts