OSSEC Policy monitor can check if a system is in compliance with the CIS Security Benchmark for Debian. OSSEC will only test Debian and Ubuntu/Kubuntu/Xubuntu systems according to this standard.
For every test that failed, you will receive an alert describing which section of the benchmark that failed. For example:
System Audit: CIS - Debian Linux 1.4 - Robust partition scheme - /var not on its own partition.
The above alert says that the system doesn’t have a robust partition scheme as required by the section 1.4 of the benchmark.
To receive more information about each section, please visit http://www.cisecurity.org to download the benchmarks and learn how to solve the problem.
The CIS Debian Benchmark v1.0 is available at: http://www.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf.