Add complianced_image related docs.

README.md

@@ -176,33 +176,39 @@ $ bash bin/hardening.sh --apply --only 99.99
 ### Harbian-audit benchmark for Debian GNU/Linux 9 
 This document is a description of the additions to the sections not included in the [CIS reference documentation](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/CIS_Debian_Linux_8_Benchmark_v1.0.0.pdf). Includes STIG reference documentation and additional checks recommended by the HardenedLinux community. 
 
-[harbian audit Debian Linux 9 Benchmark](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd)
+[CIS Debian GNU/Linux 8 Benchmark v1.0.0](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/CIS_Debian_Linux_8_Benchmark_v1.0.0.pdf)  
+[harbian audit Debian Linux 9 Benchmark](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd)  
 
 ### Manual Operation docs 
 [How to config grub2 password protection](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/examples/manual-operation-docs/how_to_config_grub2_password_protection.mkd)  
 [How to persistent iptables rules with debian 9](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/examples/manual-operation-docs/how_to_persistent_iptables_rules_with_debian_9.mkd)  
 
 ### Use cases docs  
-[Nodejs + redis + mysql demo](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/examples/use-cases/nodejs-redis-mysql-usecase/README.md) 
+[Nodejs + redis + mysql demo](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/examples/use-cases/nodejs-redis-mysql-usecase/README.md)  
 
 ## harbian-audit complianced image 
-The hardenedlinux community has created public AMI images for three different regions.
 
 ### AMI(Amazon Machine Image) Public
+The hardenedlinux community has created public AMI images for three different regions.
 
 Destination region: US East(Ohio)   
-AMI ID: ami-0574075020839f7e9   
+AMI ID: ami-0459b7f679f8941a4   
 AMI Name: harbian-audit complianced for Debian GNU/Linux 9   
 
 Destination region: EU(Frankfurt)  
-AMI ID: ami-0e26a1af7f07373bf  
+AMI ID: ami-022f30970530a0c5b   
 AMI Name: harbian-audit complianced for Debian GNU/Linux 9   
 
 Destination region: Asia Pacific(Tokyo)  
-AMI ID: ami-003de0c48c2711265  
+AMI ID: ami-003de0c48c2711265   
 AMI Name: harbian-audit complianced for Debian GNU/Linux 9   
 
-## harbian-audit License  
+### Docs 
+[how to creating and making an AMI public](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/complianced_image/how_to_creating_and_making_an_AMI_public.mkd)  
+[how to use harbian-audit complianced for GNU/Linux Debian 9](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/complianced_image/how_to_use_harbian_audit_complianced_Debian_9.mkd)  
+
+
+## harbian-audit License   
 GPL 3.0 
 
 ## OVH Disclaimer

docs/complianced_image/how_to_creating_and_making_an_AMI_public.mkd

@@ -117,26 +117,26 @@ $ history -cw
 
 ## Create AMI 
 
-![1](./picture_of_create_AMI/create-AMI-from-instance-1.png) 
-![2](./picture_of_create_AMI/create-AMI-from-instance-2.png) 
-![3](./picture_of_create_AMI/create-AMI-from-instance-3.png) 
-![4](./picture_of_create_AMI/create-AMI-from-instance-4.png) 
-![5](./picture_of_create_AMI/create-AMI-from-instance-5.png) 
-![6](./picture_of_create_AMI/create-AMI-from-instance-6.png) 
-![7](./picture_of_create_AMI/create-AMI-from-instance-7.png) 
-![8](./picture_of_create_AMI/create-AMI-from-instance-8.png) 
+![1](./picture/create-AMI-from-instance-1.png) 
+![2](./picture/create-AMI-from-instance-2.png) 
+![3](./picture/create-AMI-from-instance-3.png) 
+![4](./picture/create-AMI-from-instance-4.png) 
+![5](./picture/create-AMI-from-instance-5.png) 
+![6](./picture/create-AMI-from-instance-6.png) 
+![7](./picture/create-AMI-from-instance-7.png) 
+![8](./picture/create-AMI-from-instance-8.png) 
 
 ## Cross-Region AMI Copy 
 
-![9](./picture_of_create_AMI/create-AMI-from-instance-9.png) 
-![10](./picture_of_create_AMI/create-AMI-from-instance-10.png) 
-![11](./picture_of_create_AMI/create-AMI-from-instance-11.png) 
-![12](./picture_of_create_AMI/create-AMI-from-instance-12.png) 
-![13](./picture_of_create_AMI/create-AMI-from-instance-13.png) 
-![14](./picture_of_create_AMI/create-AMI-from-instance-14.png) 
-![15](./picture_of_create_AMI/create-AMI-from-instance-15.png) 
-![16](./picture_of_create_AMI/create-AMI-from-instance-16.png) 
-![17](./picture_of_create_AMI/create-AMI-from-instance-17.png)  
+![9](./picture/create-AMI-from-instance-9.png) 
+![10](./picture/create-AMI-from-instance-10.png) 
+![11](./picture/create-AMI-from-instance-11.png) 
+![12](./picture/create-AMI-from-instance-12.png) 
+![13](./picture/create-AMI-from-instance-13.png) 
+![14](./picture/create-AMI-from-instance-14.png) 
+![15](./picture/create-AMI-from-instance-15.png) 
+![16](./picture/create-AMI-from-instance-16.png) 
+![17](./picture/create-AMI-from-instance-17.png)  
 
 
 ## Reference 

docs/complianced_image/how_to_use_harbian_audit_complianced_Debian_9.mkd

@@ -0,0 +1,73 @@
+# How to use harbian-audit complianced Debian GNU/Linux 9  
+
+## Select Destination region: EU(Frankfurt)  
+![1](./picture/how-to-use-AMI-01.png)  
+
+## Search harbian-audit complianced for Debian GNU/Linux 9 in Community AMIs  
+![2](./picture/how-to-use-AMI-02.png)  
+
+## Configuration new instance  
+![3](./picture/how-to-use-AMI-03.png)  
+![4](./picture/how-to-use-AMI-04.png)  
+![5](./picture/how-to-use-AMI-05.png)  
+![6](./picture/how-to-use-AMI-06.png)  
+![7](./picture/how-to-use-AMI-07.png)  
+![8](./picture/how-to-use-AMI-08.png)  
+![9](./picture/how-to-use-AMI-09.png)  
+![10](./picture/how-to-use-AMI-10.png)  
+![11](./picture/how-to-use-AMI-11.png)  
+![12](./picture/how-to-use-AMI-12.png)  
+
+## View new instance status  
+![13](./picture/how-to-use-AMI-13.png)  
+
+## Connect new instance  
+![14](./picture/how-to-use-AMI-14.png)  
+![15](./picture/how-to-use-AMI-15.png)  
+
+## Use harbian-audit to check   
+```
+admin@ip-:~$ cd /opt/harbian-audit-master/
+admin@ip-:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --audit-all
+......
+
+################### SUMMARY ###################
+      Total Available Checks : 256
+         Total Runned Checks : 256
+         Total Passed Checks : [ 227/256 ]
+         Total Failed Checks : [  29/256 ]
+   Enabled Checks Percentage : 100.00 %
+       Conformity Percentage : 88.67 %
+```
+
+##  Description of some key check failure items   
+
+### 3.3 Set Boot Loader Password  
+```
+3.3_bootloader_password   [ KO ] ^set superusers not present in /boot/grub/grub.cfg
+3.3_bootloader_password   [ KO ] ^password_pbkdf2 not present in /boot/grub/grub.cfg
+3.3_bootloader_password   [ KO ] Check Failed
+```
+
+If need apply this item, please reference:
+[https://github.com/hardenedlinux/harbian-audit/blob/master/docs/examples/manual-operation-docs/how_to_config_grub2_password_protection.mkd](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/examples/manual-operation-docs/how_to_config_grub2_password_protection.mkd)   
+
+### 7.4.4 Create /etc/hosts.deny  
+```
+7.4.4_hosts_deny          [ KO ] ALL: ALL is not present in /etc/hosts.deny, we have to deny everything
+7.4.4_hosts_deny          [ KO ] Check Failed
+```
+If you can determine the address segment of the client you are accessing, you can apply this and add the address segment that can be accessed to /etc/hosts.allow.  
+
+### 10.1.7  Remove nopasswd option from the sudoers configuration  
+```
+10.1.7_remove_nopasswd_su [ KO ] NOPASSWD is set on /etc/sudoers.d/*, it's error conf
+10.1.7_remove_nopasswd_su [ KO ] Check Failed
+```  
+This item requires the user to fix it himself. When the AMI is created, a new instance will be automatically locked all user of OS when the AMI is created.  Fix it before need set passwd for all user of OS.  
+
+## Reference   
+[https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/concepts.html](https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/concepts.html)    
+
+
+