Automation-Driven Security Baselines for Hardened Linux and Windows System

Authors

  • Nadeem Siddiqui, Independent Researcher, New York, USA

DOI:

https://doi.org/10.63282/3050-9416.IJAIBDCMS-V7I1P143

Keywords:

Security Baselines, System Hardening, Configuration Management, Ansible, CIS Benchmarks, DISA STIG, Windows Security, Linux Security, Automation, Compliance

Abstract

Establishing secure configuration baselines is a foundational practice in enterprise cybersecurity. Misconfigured operating systems frequently expose critical services, weak authentication policies, and unnecessary privileges that increase attack surfaces. In modern enterprise environments consisting of hybrid infrastructure, manual system hardening is increasingly impractical due to scale, complexity, and configuration drift. This study examines automation-driven approaches to implementing and maintaining security baselines for Linux and Windows systems. Drawing upon established frameworks such as the Center for Internet Security (CIS) Benchmarks and the Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs), the research analyzes how configuration management tools including Ansible, Puppet, Chef InSpec, and Microsoft Group Policy Objects (GPOs) enable repeatable, scalable, and auditable security enforcement. The paper further explores the integration of baseline enforcement into DevSecOps pipelines and policy-as-code frameworks to enable continuous compliance and automated remediation. Findings indicate that automation significantly improves consistency, reduces configuration drift, and enhances audit readiness across enterprise environments. The study concludes that automated baseline enforcement is a critical component of modern cyber defense strategies.

Published

2026-03-20

Section

Articles

How to Cite

1. Siddiqui N. Automation-Driven Security Baselines for Hardened Linux and Windows System. IJAIBDCMS [Internet]. 2026 Mar. 20 [cited 2026 Apr. 16];7(1):286-98. Available from: https://ijaibdcms.org/index.php/ijaibdcms/article/view/513