hardening

There are 50 repositories under hardening topic.

• imthenachoman / How-To-Secure-A-Linux-Server

  An evolving how-to guide for securing a Linux server.

  cc-by-sahardeninghardening-stepslinuxlinux-serversecuritysecurity-hardeningserver
  16771

• CISOfy / lynis

  Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  shelllinuxpci-dsscompliancesecurity-auditsecurity-hardeningsecurity-scannersecurity-vulnerabilityhipaaunixvulnerability-detectionvulnerability-scannersvulnerability-assessmentdevopsdevops-toolssystem-hardeninghardeningauditinggdprsecurity-tools
  Language:Shell 12581

• drduh / YubiKey-Guide

  Guide to using YubiKey for GnuPG and SSH

  gnupggpggpg-agentgpg-configurationhardeningpgpremote-accessrsa-cryptographysecuritysmartcardsshyubikey
  Language:HTML 10788

• trimstray / the-practical-linux-hardening-guide

  This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).

  auditcentoschecklistcisguidehardeninglinuxlinux-hardeninglinux-securitymanualopenscappci-dssredhat-enterprise-linuxsecurity
  9703
• prowler

  prowler-cloud / prowler

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  securitysecurity-toolssecurity-auditsecurity-hardeninghardeningawscis-benchmarkcompliancegdprforensicscloudwell-architecteddevsecopsazureiampythongcpmulti-cloud
  Language:Python 9639

• dev-sec / ansible-collection-hardening

  This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

  ansiblesysctlprotectionhardeningroleplaybooklinuxos-hardeningcollectionmysql-hardeningssh-hardeningdevsecnginxnginx-hardeningansible-collectionhacktoberfest
  Language:Jinja 3704
• bunkerweb

  bunkerity / bunkerweb

  🛡️ Make your web services secure by default !

  nginxmodsecuritydockersecuritydnsblreverse-proxybunkerized-nginxhardeningweb-securitysecurity-tuningcybersecuritydevsecopsantibotletsencryptswarmkubernetesdevopshostingwafweb-application-firewall
  Language:Python 3515

• hardentools / hardentools

  Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.

  hardeningsecuritywindows
  Language:Go 2815

• 0x6d69636b / windows_hardening

  HardeningKitty and Windows Hardening settings and configurations

  windowshardeningsecuritywindows-10blueteamdefenseauditpowershellwindows-hardeningregistrychecklistcompliance
  Language:PowerShell 2178

• ComplianceAsCode / content

  Security automation content in SCAP, Bash, Ansible, and other formats

  securitycompliancescapxccdfovalcpecceusgcbpci-dssosppstigapplication-securitysecurity-toolssecurity-hardeningsecurity-automationsecurity-profilehardeninginformation-securitycybersecurityansible
  Language:Shell 2093

• PaulSec / awesome-windows-domain-hardening

  A curated list of awesome Security Hardening techniques for Windows.

  windowshardeningsecurity
  1713

• konstruktoid / hardening

  Hardening Ubuntu. Systemd edition.

  ubuntuubuntu-servershellhardeningsecuritysecurity-hardeningsystemdsecurity-toolssecurity-automationsecurity-complianceinformation-securityhacktoberfest
  Language:Shell 1317

• stampery / mongoaudit

  🔥 A powerful MongoDB auditing and pentesting tool 🔥

  authenticationclidatabaseencryptionhardeninginfosecmongodbpentesting
  Language:Python 1309
• Windows-11-Guide

  mikeroyal / Windows-11-Guide

  Windows 10/11 Guide. Including Windows Security tools, Encryption, Nextcloud, Graphics, Gaming, Virtualization, Windows Subsystem for Linux (WSL 2), Software Apps, and Resources.

  windows-11windows11privacy-protectionwindows-terminaloptimizationwinui3tweakswindows-defendergamingwindows-subsystem-linuxvisual-studio-codewinuiuwphardeningwindows-desktopdebloatwslactive-directorynextcloudwindows10
  Language:C# 1265

• GrapheneOS / hardened_malloc

  Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

  grapheneoshardeningmallocmalloc-librarymemorymemory-allocationmemory-allocatorquarantinesecurityslab-allocator
  Language:C 1173

• scipag / HardeningKitty

  HardeningKitty - Checks and hardens your Windows configuration

  windowswindows-10windows-serverhardeningauditchecklistpowershelldefenseblueteamsecurityregistry
  Language:PowerShell 1163

• nozaq / terraform-aws-secure-baseline

  Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

  terraformawssecuritysecurity-hardeningterraform-moduleshardeningcis-benchmarkaws-auditingsecurity-toolsdevopsterraform-module
  Language:HCL 1120

• alichtman / stronghold

  Easily configure macOS security settings from the terminal.

  macos-setupmacossecurityosxsecurity-hardeninghardeningcommand-line-toolcommand-line
  Language:Python 1068
• Windows-Optimize-Harden-Debloat

  simeononsecurity / Windows-Optimize-Harden-Debloat

  Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.

  windowsstig-compliantmitigationsprivacyautomationdebotnetwindows10hardware-requirementsmicrosofthardendebloatcyberstigswindows-defenderprivacy-scriptwindows-desktopwindows-10telemetryhardeningsecurity
  Language:PowerShell 1038
• Windows11_Hardening

  beerisgood / Windows11_Hardening

  a collection about Windows 11

  hardeningwindows10security-hardeningwindows-defenderdefender-credential-guarddefender-application-guardsecuritywindows11windowsmicrosoft
  995
• grapheneX

  grapheneX / grapheneX

  Automated System Hardening Framework

  hacktoberfesthardeninghardening-commandssecurity
  Language:Python 914

• dev-sec / ansible-ssh-hardening

  This Ansible role provides numerous security-related ssh configurations, providing all-round base protection.

  ansiblessh-configurationplaybookrolehardeningprotectionssh-serverssh-agentssh-hardeningssh
  Language:HTML 773

• dev-sec / linux-baseline

  DevSec Linux Baseline - InSpec Profile

  inspecauditsecuritydevsecbaselinehardeninglinux
  Language:Ruby 757

• Jsitech / JShielder

  Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark

  linuxcis-benchmarklinux-serverhardeningubuntu-servercentos7lamp-stackhardening-stepsiptablesubuntu1604ubuntu1804security-hardeningsystem-hardeningmodsecuritylamp-deployerlemp-deployer
  Language:PHP 736

• jvoisin / snuffleupagus

  Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

  celephanthardeningphpphp-modulephp7securitysecurity-hardening
  Language:PHP 734

• DenizParlak / Zeus

  AWS Auditing & Hardening Tool

  cloudtrailaws-auditinghardeningaws-hardeningaws
  Language:Shell 704

• step-security / harden-runner

  Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

  actionsegress-filteringgithub-actionshardeningnetwork-securityrunnersruntime-securitysecurity-hardeningsupply-chain-security
  Language:TypeScript 525

• konstruktoid / ansible-role-hardening

  Ansible role to apply a security baseline. Systemd edition.

  ansiblesystemdauditdubuntucentoshardeningsecuritysecurity-hardeningvagrantopenscapinformation-securitysecurity-toolssecurity-compliancedebianalmalinuxhacktoberfestamazon-linux
  Language:Jinja 502

• dev-sec / cis-docker-benchmark

  CIS Docker Benchmark - InSpec Profile

  cis-docker-benchmarkinspecdockersecurityhardening
  Language:Ruby 475

• ansible-lockdown / RHEL7-CIS

  Ansible role for Red Hat 7 CIS Baseline

  cissecurity-hardeningrhel7ansible-rolesecurityhardeningcompliance-automationredhat7redhat-ansiblecompliance-as-coderedhatsecurity-automationsecurity-toolsbenchmarkbenchmark-frameworkcis-benchmark
  Language:YAML 473

• ibrahimjelliti / CKSS-Certified-Kubernetes-Security-Specialist

  This repository is a collection of resources to prepare for the Certified Kubernetes Security Specialist (CKSS) exam.

  kubernetessecuritycertificationhardeninggolangcncfcloud-nativevulnerabilitiesmonitoringloggingclusterckssckscks-examcluster-hardeningkubernetes-platformssecuring-kubernetes
  Language:HTML 467

• sektioneins / suhosin

  SUHOSIN [수호신] for PHP 5.x - The PHP security extension.

  suhosinphphardening
  Language:C 467

• xen0l / aws-gate

  Better AWS SSM Session manager CLI client

  awsaws-ssmsession-managercliec2-instancesec2aws-ssm-agentsshaccess-controliam-accessscpssh-sessionssh-supporthardening
  Language:Python 444

• dev-sec / chef-os-hardening

  This chef cookbook provides numerous security-related configurations, providing all-round base protection.

  hardeningdevopslinuxsecuritychefchef-cookbook
  Language:Ruby 432

• lkrg-org / lkrg

  Linux Kernel Runtime Guard

  linuxkernelsecurityhardeningintegrity
  Language:C 397

• gildasio / h2t

  h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

  securityweb-application-securitydefensehardeninghttpheaders
  Language:Python 387