I have successfully gotten CIS baseline policy checks working in a portion of our environment (CIS CentOS Linux Benchmarks). The scanning engine already had root access - authentication tests worked fine, all is well.
In a separate portion of the environment - different management/administration - I am being told root access - either via UID 0 or sudo - is not going to happen. I have it on a single test system and I can get my checks working just fine with a "sudo -s" authentication record. But I am NOT going to get root access anywhere else by any means.
My take is that this makes it practically impossible to do most of the required CIS file existence/content/permissions checks, as much of the most significant material is root only.
Is there a way (ideally not too cumbersome) to get around this? I would prefer to keep the compliance check process as similar as possible between the 2 environments - but am not very hopeful.