security-hardening

There are 74 repositories under security-hardening topic.

• imthenachoman / How-To-Secure-A-Linux-Server

  An evolving how-to guide for securing a Linux server.

  linuxhardeninghardening-stepssecuritysecurity-hardeningserverlinux-servercc-by-sa
  17322

• CISOfy / lynis

  Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  shelllinuxpci-dsscompliancesecurity-auditsecurity-hardeningsecurity-scannersecurity-vulnerabilityhipaaunixvulnerability-detectionvulnerability-scannersvulnerability-assessmentdevopsdevops-toolssystem-hardeninghardeningauditinggdprsecurity-tools
  Language:Shell 13095

• future-architect / vuls

  Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  vulsvulnerability-scannersgolanggolinuxfreebsdvulnerability-detectionsecuritysecurity-toolscybersecuritysecurity-vulnerabilitysecurity-scannersecurity-hardeningsecurity-automationsecurity-auditvulnerability-assessmentvulnerability-managementvulnerability-scannervulnerabilitiesadministrator
  Language:Go 10926
• prowler

  prowler-cloud / prowler

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  awsazurecis-benchmarkcloudcompliancedevsecopsforensicsgcpgdprhardeningiammulti-cloudpythonsecuritysecurity-auditsecurity-hardeningsecurity-toolswell-architected
  Language:Python 10641

• wazuh / wazuh

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  cloud-securitycomplianceconfiguration-assessementcontainer-securitycybersecurityfile-integrity-monitoringincident-responseinfoseclog-analysismalware-detectionpci-dsssecuritysecurity-auditsecurity-automationsecurity-hardeningsecurity-toolssiemvulnerability-detectionwazuhxdr
  Language:C++ 10527

• decalage2 / awesome-security-hardening

  A collection of awesome security hardening guides, tools and other resources

  awesome-listbest-practicesblue-teamblueteamcis-benchmarkscomputer-securitycyber-securitycybersecurityinfoseclinux-hardeningsecuritysecurity-hardeningsecurity-toolswindows-hardening
  5421

• undergroundwires / privacy.sexy

  Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy

  bloatwarebloatware-removalcleanupcybersecuritydebloatdebloaterdebotnetdomain-driven-designlinuxmacosprivacyprivacy-protectionprivacy-toolssecuritysecurity-hardeningsecurity-toolsecurity-toolstweaks-collectionwindows10windows11
  Language:TypeScript 4041

• immunant / c2rust

  Migrate C code to Rust

  memory-safetymigrationrustsecurity-hardeningtranslationtranspiler
  Language:Rust 3949

• pyllyukko / user.js

  user.js -- Firefox configuration hardening

  mozilla-firefoxprivacyfirefoxsecuritysecurity-hardeningmozilla
  Language:JavaScript 2751

• ComplianceAsCode / content

  Security automation content in SCAP, Bash, Ansible, and other formats

  securitycompliancescapxccdfovalcpecceusgcbpci-dssosppstigapplication-securitysecurity-toolssecurity-hardeningsecurity-automationsecurity-profilehardeninginformation-securitycybersecurityansible
  Language:Shell 2169

• intika / Librefox

  Librefox: Firefox with privacy enhancements

  addonandroid-appandroid-applicationanti-fingerprintingbrowserextensions-firewallfirefoxfree-softwarefreedomlibrelibre-softwarelibresoftwarelinux-appmac-appmozillamozilla-firefoxprivacysecuritysecurity-hardeningwindows-app
  Language:JavaScript 1721

• HotCakeX / Harden-Windows-Security

  Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

  defenderfirewall-configurationhardenpowershell-scriptsecuritysecurity-hardeningwindows11powershellbitlockerencryptiontpm2wdacwindowswindowsdefenderapplicationcontrolmoduleproactiveenterprise-security1st-party-securityoperation-system-security
  Language:C# 1684
• sandboxed-api

  google / sandboxed-api

  Generate sandboxes for C/C++ libraries automatically

  apache-license-2cpluspluscplusplus-17sandboxsandboxingsapisecuritysecurity-hardening
  Language:C++ 1658

• konstruktoid / hardening

  Hardening Ubuntu. Systemd edition.

  ubuntuubuntu-servershellhardeningsecuritysecurity-hardeningsystemdsecurity-toolssecurity-automationsecurity-complianceinformation-securityhacktoberfest
  Language:Shell 1363

• eliotsykes / rails-security-checklist

  :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  checklistrailsrails-securityrails-security-checklistruby-on-railssecuritysecurity-auditsecurity-hardening
  Language:Ruby 1355

• denji / golang-tls

  Simple Golang HTTPS/TLS Examples

  awesomegogolanghttp2httpclienthttpshttps-serverlibresslopensslsecuresecuritysecurity-auditsecurity-hardeningsecurity-scannersecurity-toolstools
  1252

• nozaq / terraform-aws-secure-baseline

  Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

  terraformawssecuritysecurity-hardeningterraform-moduleshardeningcis-benchmarkaws-auditingsecurity-toolsdevopsterraform-module
  Language:HCL 1137

• USBGuard / usbguard

  USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)

  blacklistc-plus-plushacktoberfestlinuxrule-languagesecuritysecurity-hardeningusbusb-deviceswhitelist
  Language:C++ 1119

• alichtman / stronghold

  Easily configure macOS security settings from the terminal.

  macos-setupmacossecurityosxsecurity-hardeninghardeningcommand-line-toolcommand-line
  Language:Python 1090
• Windows11_Hardening

  beerisgood / Windows11_Hardening

  a collection about Windows 11

  hardeningwindows10security-hardeningwindows-defenderdefender-credential-guarddefender-application-guardsecuritywindows11windowsmicrosoft
  1082

• blabla1337 / skf-flask

  Security Knowledge Framework (SKF) Python Flask / Angular project

  owasp-skfsecure-by-defaultsecure-codingsecuritysecurity-auditsecurity-frameworksecurity-hardeningsecurity-knowledgesecurity-requirementssecurity-standardssecurity-training
  Language:HTML 810

• jvoisin / snuffleupagus

  Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

  php7securityhardeningcphpelephantphp-modulesecurity-hardening
  Language:PHP 767

• Jsitech / JShielder

  Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark

  linuxcis-benchmarklinux-serverhardeningubuntu-servercentos7lamp-stackhardening-stepsiptablesubuntu1604ubuntu1804security-hardeningsystem-hardeningmodsecuritylamp-deployerlemp-deployer
  Language:PHP 756

• appvia / krane

  Kubernetes RBAC static analysis & visualisation tool

  analysisk8skubernetesrbacrbac-configurationrbac-managementrbac-rolesredisgraphrole-based-access-controlsecuritysecurity-hardeningsecurity-scannersecurity-toolsstatic-analysisvisualisation
  Language:Ruby 674

• wazuh / wazuh-docker

  Wazuh - Docker containers

  compliancedockerelasticsearchfile-integrity-managementhacktoberfesthacktoberfest-acceptedidsincident-responseintrusion-detectionlog-analysisloganalyzermonitoringossecpci-dsspolicy-monitoringsecuritysecurity-awarenesssecurity-hardeningvulnerability-detectionwazuh
  Language:Shell 674

• google / go-safeweb

  Secure-by-default HTTP servers in Go.

  security-hardeningsecuritygolanghttp-serverhttp
  Language:Go 667

• step-security / harden-runner

  Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

  github-actionsactionssupply-chain-securityhardeningsecurity-hardeningrunnersegress-filteringnetwork-securityruntime-security
  Language:TypeScript 603

• konstruktoid / ansible-role-hardening

  Ansible role to apply a security baseline. Systemd edition.

  ansiblesystemdauditdubuntucentoshardeningsecuritysecurity-hardeningvagrantopenscapinformation-securitysecurity-toolssecurity-compliancedebianalmalinuxhacktoberfestamazon-linux
  Language:Jinja 529

• ansible-lockdown / RHEL7-CIS

  Ansible role for Red Hat 7 CIS Baseline

  cissecurity-hardeningrhel7ansible-rolesecurityhardeningcompliance-automationredhat7redhat-ansiblecompliance-as-coderedhatsecurity-automationsecurity-toolsbenchmarkbenchmark-frameworkcis-benchmark
  Language:YAML 473

• FusionAuth / security-scripts

  Scripts built from our Guide to User Data Security

  security-hardeningchef-recipessecurityfusionauth
  Language:Shell 443

• cagataycali / xss-listener

  🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

  xssxss-attackssecurity-hardeningsecurity-toolsxss-harvestxss-harvester
  Language:JavaScript 436

• wazuh / wazuh-dashboard-plugins

  Plugins for Wazuh Dashboard

  wazuhossecsecurityloganalyzercompliancemonitoringintrusion-detectionpolicy-monitoringopenscapsecurity-hardeningidspci-dssfile-integrity-managementsecurity-awarenesslog-analysisvulnerability-detectionincident-responsegdpropensearch-dashboardsopensearch-plugins
  Language:TypeScript 429
• PHP-Login-System

  msaad1999 / PHP-Login-System

  Embeddable and Secure PHP Authentication System with Login, Signup, User Profiles, Profile Editing, Account Verification via Email, Password Reset System, Remember-Me Feature and more.

  authentication-frameworklogin-systemaccount-verificationphpaccount-activationremember-mepassword-resetsecurecsrf-protectionheader-injectionsql-injection-filterersecurity-hardeningprofile-editingregistrationphp-loginprofile-imagedatabaseprofile-pagesqlprofile
  Language:PHP 427

• slsa-framework / slsa-github-generator

  Language-agnostic SLSA provenance generation for Github Actions

  securitysecurity-hardeningsecurity-toolsslsaslsaprovenance
  Language:Go 417

• wazuh / wazuh-ruleset

  Wazuh - Ruleset

  wazuhossecsecurityloganalyzercompliancemonitoringintrusion-detectionpolicy-monitoringelasticsearchopenscapsecurity-hardeningidspci-dssfile-integrity-managementsecurity-awarenesslog-analysisvulnerability-detectionincident-response
  Language:Python 417

• marshyski / quick-secure

  Quickly secure UNIX/Linux systems

  linuxsecuritysecurity-hardeningdockerdocker-security
  Language:Shell 413