CIS Benchmarks remediations prevent shiny server from being accessible

I created a new AWS EC2 instance with Ubuntu 20.04 Server as OS and R and Shiny Server as the only applications running on that server. The server is accessible as expected through http://private-ip:3838.

To harden the server, I then implemented v.1.0.0 of the CIS benchmarks.

After executing the script that implements more than hundred remediations automatically (Level 1 Server) I can't access the Shiny server anymore. Is anyone aware of a particular remediation step that prevents Shiny from being acessible as expected?

Many thanks in advance

I have no experience with the CIS benchmarks, but I expect that it enabled a security group such that port 3838 is no longer accessible.

When you connect to your EC2 instance using ssh, is shiny-server still running? Can you connect to http://localhost:3838 using curl?

If the answers are "yes" you should change the security group applied to the EC2 instance to allow incoming traffic on port 3838. Or configure Shiny server to listen on another port which is accessible from the outside.

1 Like

Many thanks for your response. Indeed, the server is still available through http://localhost:3838
And it pointed me towards the solution of this issue:

the CIS benchmarks script activated a firewall with ufw and denied incoming traffic through port 3838.
Executing sudo ufw allow 3838/tcpsolved the problem!

This topic was automatically closed 54 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.