RHEL7-STIG - Ansible role for RedHat 7 STIG Baseline


This role is still under active development. Configure a RHEL 7 system to be DISA STIG compliant. CAT I findings will be corrected and audited by default. CAT II and III findings can be enabled by setting the appropriate variables to yes.

https://github.com/MindPointGroup/RHEL7-STIG


   




Related Projects

ansible-os-hardening - This Ansible role provides numerous security-related configurations, providing all-round base protection

  •    Ruby

This role provides numerous security-related configurations, providing all-round base protection. It is intended to be compliant with the DevSec Linux Baseline. If you're using inspec to test your machines after applying this role, please make sure to add the connecting user to the os_ignore_users-variable. Otherwise inspec will fail. For more information, see issue #124.

ansible-ssh-hardening - This Ansible role provides numerous security-related ssh configurations, providing all-round base protection

  •    Ruby

This role provides secure ssh-client and ssh-server configurations. It is intended to be compliant with the DevSec SSH Baseline. Warning: This role disables root-login on the target server! Please make sure you have another user with su or sudo permissions that can log in to the server.

scap-security-guide - Baseline compliance content in SCAP formats

  •    Python

The purpose of this project is to create security policy content for various platforms -- Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, and others. Our aim is to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. For general use we recommend Source DataStreams because they contain all the data you need to evaluate and put machines into compliance. The datastreams are part of our release ZIP archives.

hardening - DevSec Examples

  •    Ruby

The Hardening Framework combines DevOps with Security. It implements hardening for Puppet, Chef and Ansible. One of the main goals for the Hardening Framework is to provide security as a plug-in mechanism. All modules are implemented as overlay modules and work in conjunction with the corresponding open source module like apache or nginx. This enables you to drop in hardening for your staging and production environments and reuse existing developments.


quick-secure - Quickly secure UNIX/Linux systems

  •    Shell

Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice. Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.

awesome-windows-domain-hardening - A curated list of awesome Security Hardening techniques for Windows


A curated list of awesome Security Hardening techniques for Windows. This document summarizes the information related to Pyrotek and Harmj0y's DerbyCon talk called "111 Attacking EvilCorp Anatomy of a Corporate Hack". Video and slides are available below.

hardening - Hardening Ubuntu. Systemd edition.

  •    Shell

A quick way to make an Ubuntu server a bit more secure. Tested on 17.10 Artful Aardvark, 18.04 Bionic Beaver and 18.10 Cosmic Cuttlefish (under development).

rails-security-checklist - :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  •    Ruby

This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.

vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

chef-os-hardening - This chef cookbook provides numerous security-related configurations, providing all-round base protection

  •    Ruby

This cookbook provides numerous security-related configurations, providing all-round base protection. In the current implementation different components are located in the different recipes. See the available recipes or default.rb for possible component names.

stronghold - Easily configure macOS security settings from the terminal.

  •    Python

stronghold is the easiest way to securely configure your Mac. Designed for MacOS Sierra and High Sierra. Previously fortify.

CRM Bulk Security Role Manager


CRM Bulk Security Role Manager helps to assign security role according to a csv file.

rattlesnakeos-stack - Build your own privacy and security focused Android OS in the cloud on a continuous basis with OTA updates

  •    Go

RattlesnakeOS is a privacy and security focused Android OS for Google Pixel phones. RattlesnakeOS was created initially as an alternative to CopperheadOS, a security hardened Android OS created by Daniel Micay, after it stopped being properly maintained back in June 2018. To be clear, this project is not attempting to add or recreate any of the security hardening features that were present in CopperheadOS. Instead, it is looking to fill a gap now that CopperheadOS is no longer available in its previous form, as there are no real alternatives that provide the same level of privacy and security.

Security Role Browser for Dynamics CRM 2011


Security Role browser for Dynamics CRM 2011 is a handy tool to browse, document and glance at CRM 2011 security roles at one go!

user.js - user.js -- Firefox configuration hardening

  •    Javascript

A user.js configuration file for Mozilla Firefox designed to harden browser settings and make it more secure. Do note that these settings alter your browser behaviour quite a bit, so it is recommended to either create a completely new profile for Firefox or backup your existing profile directory before putting the user.js file in place.

Wazuh - Host and endpoint security

  •    C

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides capabilities such as log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.

CopperheadOS - A security and privacy focused mobile operating system compatible with Android apps

  •    Java

CopperheadOS is a security and privacy focused mobile operating system compatible with Android apps. It provides protection from zero-days, a hardened C standard library and compiler toolchain, a hardened kernel, stronger sandboxing and isolation for apps & services, firewall & network hardening and a lot more.

ansible-junos-stdlib - Junos modules for Ansible

  •    Python

Juniper Networks supports Ansible for managing devices running the Junos operating system (Junos OS). This role is hosted on the Ansible Galaxy website under the role Juniper.junos. The Juniper.junos role includes a set of Ansible modules that perform specific operational and configuration tasks on devices running Junos OS. These tasks include: installing and upgrading Junos OS, provisioning new Junos devices in the network, loading configuration changes, retrieving information, and resetting, rebooting, or shutting down managed devices. Please refer to the INSTALLATION section for instructions on installing this role. Since Ansible version >= 2.1, Ansible also natively includes core modules for Junos. The Junos modules included in Ansible core have names which begin with the prefix junos_. The Junos modules included in this Juniper.junos role have names which begin with the prefix juniper_junos_. These two sets of Junos modules can coexist on the same Ansible control machine, and an Ansible play may invoke a module from either (or both) sets. Juniper Networks recommends using the modules in this role when writing new playbooks that manage Junos devices.




