hardening

There are 58 repositories under hardening topic.

• imthenachoman / How-To-Secure-A-Linux-Server

  An evolving how-to guide for securing a Linux server.

  linuxhardeninghardening-stepssecuritysecurity-hardeningserverlinux-servercc-by-sa
  19506

• CISOfy / lynis

  Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  shelllinuxpci-dsscompliancesecurity-auditsecurity-hardeningsecurity-scannersecurity-vulnerabilityhipaaunixvulnerability-detectionvulnerability-scannersvulnerability-assessmentdevopsdevops-toolssystem-hardeninghardeningauditinggdprsecurity-tools
  Language:Shell 14645
• prowler

  prowler-cloud / prowler

  Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

  awsazurecis-benchmarkcloudcloudsecuritycompliancecspmdevsecopsforensicsgcpgdprhardeningiammulti-cloudpythonsecuritysecurity-auditsecurity-hardeningsecurity-toolswell-architected
  Language:Python 12101

• drduh / YubiKey-Guide

  Community guide to using YubiKey for GnuPG and SSH - protect secrets with hardware crypto.

  gnupggpggpg-agentgpg-configurationhardeningpgpremote-accessrsa-cryptographysecuritysmartcardsshyubikey
  Language:HTML 11886

• trimstray / the-practical-linux-hardening-guide

  This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).

  linuxlinux-hardeninglinux-securitysecurityhardeningauditguidemanualchecklistcispci-dssopenscapredhat-enterprise-linuxcentos
  10266
• bunkerweb

  bunkerity / bunkerweb

  🛡️ Open-source and next-generation Web Application Firewall (WAF)

  nginxmodsecuritydockersecuritydnsblreverse-proxybunkerized-nginxhardeningweb-securitysecurity-tuningcybersecuritydevsecopsantibotletsencryptswarmkubernetesdevopshostingwafweb-application-firewall
  Language:Python 9069

• dev-sec / ansible-collection-hardening

  This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

  ansibleansible-collectioncollectiondevsechacktoberfesthardeninglinuxmysql-hardeningnginxnginx-hardeningos-hardeningplaybookprotectionrolessh-hardeningsysctl
  Language:Jinja 4579

• hardentools / hardentools

  Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.

  hardeningsecuritywindows
  Language:Go 2949

• ComplianceAsCode / content

  Security automation content in SCAP, Bash, Ansible, and other formats

  ansibleapplication-securityccecompliancecpecybersecurityhardeninginformation-securityosppovalpci-dssscapsecuritysecurity-automationsecurity-hardeningsecurity-profilesecurity-toolsstigusgcbxccdf
  Language:Shell 2531

• 0x6d69636b / windows_hardening

  HardeningKitty and Windows Hardening Settings

  windowshardeningsecuritywindows-10blueteamdefenseauditpowershellwindows-hardeningregistrychecklistcompliancebsicissecurity-baselinesisyphusstigwindows-11windows-server
  Language:PowerShell 2526

• PaulSec / awesome-windows-domain-hardening

  A curated list of awesome Security Hardening techniques for Windows.

  hardeningsecuritywindows
  1766
• Windows-11-Guide

  mikeroyal / Windows-11-Guide

  Windows 10/11 Guide. Including Windows Security tools, Encryption, Nextcloud, Graphics, Gaming, Virtualization, Windows Subsystem for Linux (WSL 2), Software Apps, and Resources.

  windows-11windows11privacy-protectionwindows-terminaloptimizationwinui3tweakswindows-defendergamingwindows-subsystem-linuxvisual-studio-codewinuiuwphardeningwindows-desktopdebloatwslactive-directorynextcloudwindows10
  Language:C# 1661

• scipag / HardeningKitty

  HardeningKitty - Checks and hardens your Windows configuration

  auditblueteamchecklistdefensehardeningpowershellregistrysecuritywindowswindows-10windows-server
  Language:PowerShell 1594

• konstruktoid / hardening

  Hardening Ubuntu. Systemd edition.

  hacktoberfesthardeninginformation-securitysecuritysecurity-automationsecurity-compliancesecurity-hardeningsecurity-toolsshellsystemdubuntuubuntu-server
  Language:Shell 1434

• GrapheneOS / hardened_malloc

  Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

  grapheneoshardeningmallocmalloc-librarymemorymemory-allocationmemory-allocatorquarantinesecurityslab-allocator
  Language:C 1388

• stampery / mongoaudit

  🔥 A powerful MongoDB auditing and pentesting tool 🔥

  authenticationclidatabaseencryptionhardeninginfosecmongodbpentesting
  Language:Python 1323
• Windows-Optimize-Harden-Debloat

  simeononsecurity / Windows-Optimize-Harden-Debloat

  Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.

  windowsstig-compliantmitigationsprivacyautomationdebotnetwindows10hardware-requirementsmicrosofthardendebloatcyberstigswindows-defenderprivacy-scriptwindows-desktopwindows-10telemetryhardeningsecurity
  Language:PowerShell 1315
• Windows11_Hardening

  beerisgood / Windows11_Hardening

  a collection about Windows 11

  defender-application-guarddefender-credential-guardhardeningmicrosoftsecuritysecurity-hardeningwindowswindows-defenderwindows10windows11
  1183

• nozaq / terraform-aws-secure-baseline

  Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

  terraformawssecuritysecurity-hardeningterraform-moduleshardeningcis-benchmarkaws-auditingsecurity-toolsdevopsterraform-module
  Language:HCL 1183

• alichtman / stronghold

  Easily configure macOS security settings from the terminal.

  command-linecommand-line-toolhardeningmacosmacos-setuposxsecuritysecurity-hardening
  Language:Python 1125
• grapheneX

  grapheneX / grapheneX

  Automated System Hardening Framework

  hacktoberfesthardeninghardening-commandssecurity
  Language:Python 982

• step-security / harden-runner

  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

  github-actionsactionssupply-chain-securityhardeningsecurity-hardeningrunnersegress-filteringnetwork-securityruntime-security
  Language:TypeScript 877

• jvoisin / snuffleupagus

  Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

  php7securityhardeningcphpelephantphp-modulesecurity-hardening
  Language:PHP 818

• dev-sec / linux-baseline

  DevSec Linux Baseline - InSpec Profile

  auditbaselinedevsechardeninginspeclinuxsecurity
  Language:Ruby 802

• Jsitech / JShielder

  Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark

  linuxcis-benchmarklinux-serverhardeningubuntu-servercentos7lamp-stackhardening-stepsiptablesubuntu1604ubuntu1804security-hardeningsystem-hardeningmodsecuritylamp-deployerlemp-deployer
  Language:PHP 779

• dev-sec / ansible-ssh-hardening

  This Ansible role provides numerous security-related ssh configurations, providing all-round base protection.

  ansiblessh-configurationplaybookrolehardeningprotectionssh-serverssh-agentssh-hardeningssh
  Language:HTML 778

• DenizParlak / Zeus

  AWS Auditing & Hardening Tool

  cloudtrailaws-auditinghardeningaws-hardeningaws
  Language:Shell 711

• roddhjav / apparmor.d

  Full set of AppArmor policies

  apparmormandatory-access-controlsecurityhardeningapparmor-profileslinuxapparmor-profilerole-based-access-control
  Language:Go 652

• konstruktoid / ansible-role-hardening

  Ansible role to apply a security baseline. Systemd edition.

  almalinuxamazon-linuxansibleauditdcentosdebianhacktoberfesthardeninginformation-securityopenscapsecuritysecurity-compliancesecurity-hardeningsecurity-toolssystemdubuntuvagrant
  Language:Jinja 560

• Normation / rudder

  Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.

  auditingautomationcomplianceconfiguration-managementcontinuous-configurationdevopshardeningpatch-managementsecopssecuritysecurity-posture
  Language:Scala 540

• xen0l / aws-gate

  Better AWS SSM Session manager CLI client

  awsaws-ssmsession-managercliec2-instancesec2aws-ssm-agentsshaccess-controliam-accessscpssh-sessionssh-supporthardening
  Language:Python 516

• dev-sec / cis-docker-benchmark

  CIS Docker Benchmark - InSpec Profile

  cis-docker-benchmarkinspecdockersecurityhardening
  Language:Ruby 504

• ibrahimjelliti / CKSS-Certified-Kubernetes-Security-Specialist

  This repository is a collection of resources to prepare for the Certified Kubernetes Security Specialist (CKSS) exam.

  kubernetessecuritycertificationhardeninggolangcncfcloud-nativevulnerabilitiesmonitoringloggingclusterckssckscks-examcluster-hardeningkubernetes-platformssecuring-kubernetes
  Language:HTML 481

• sektioneins / suhosin

  SUHOSIN [수호신] for PHP 5.x - The PHP security extension.

  hardeningphpsuhosin
  Language:C 469

• dolevf / graphql-cop

  Security Auditor Utility for GraphQL APIs

  auditingblue-teamgraphqlhackinghardeningpenetration-testingred-teamsecurity
  Language:Python 446

• dev-sec / chef-os-hardening

  This chef cookbook provides numerous security-related configurations, providing all-round base protection.

  hardeningdevopslinuxsecuritychefchef-cookbook
  Language:Ruby 443