A curated list of awesome Security Hardening techniques for Windows. This document summarizes the information related to Pyrotek and Harmj0y's DerbyCon talk called "111 Attacking EvilCorp Anatomy of a Corporate Hack". Video and slides are available below.
hardening security

This role provides numerous security-related configurations, providing all-round base protection. It is intended to be compliant with the DevSec Linux Baseline. If you're using inspec to test your machines after applying this role, please make sure to add the connecting user to the os_ignore_users-variable. Otherwise inspec will fail. For more information, see issue #124.
ansible sysctl protection hardening role playbook

Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-tools

Hardentools is a collection of simple utilities designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now), and primary consumer applications. These features, commonly intended for enterprise customers, are generally useless to regular users and instead pose dangers, as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is to simply reduce the attack surface by disabling the low-hanging fruit. Hardentools is intended for individuals at risk, who might want an extra level of security at the price of some usability. It is not intended for corporate environments. WARNING: This is just an experiment, it is not meant for public distribution yet. Also, this tool disables a number of features, including features of Microsoft Office, Adobe Reader, and Windows, which might cause malfunctions in certain applications. Use this at your own risk.
security hardening

For a comprehensive list and resolution look at the guide on the link above. This script has been written in bash using AWS-CLI and it works in Linux and OSX.
security security-tools security-audit security-hardening cloudtrail hardening aws-cli aws cis-benchmark prowler assessment aws-auditing compliance

An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. This guide's purpose is to teach you how to secure a Linux server.
security server hardening security-hardening linux-server cc-by-sa hardening-steps

nginx Docker image secure by default. Avoid the hassle of following security best practices "by hand" each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.
docker nginx security reverse-proxy clamav cybersecurity web-security hardening modsecurity dnsbl devsecops antibot crowdsec bunkerized-nginx security-tuning

A Terraform module to set up your AWS account with a reasonably secure configuration baseline. Most configurations are based on CIS Amazon Web Services Foundations v1.4.0 and AWS Foundational Security Best Practices v1.0.0. See Benchmark Compliance to check which items in various benchmarks are covered.
aws security devops terraform hardening security-hardening terraform-modules security-tools cis-benchmark aws-auditing

Suhosin (pronounced 'su-ho-shin') is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.
suhosin hardening

This role provides secure ssh-client and ssh-server configurations. It is intended to be compliant with the DevSec SSH Baseline. Warning: This role disables root-login on the target server! Please make sure you have another user with su or sudo permissions that can log in to the server.
ansible ssh-configuration playbook role hardening protection ssh-server ssh-agent

This cookbook provides numerous security-related configurations, providing all-round base protection. In the current implementation, different components are located in different recipes. See the available recipes or default.rb for possible component names.
hardening devops security chef chef-cookbook

stronghold is the easiest way to securely configure your Mac. Designed for MacOS Sierra and High Sierra. Previously fortify.
macos-setup security osx security-hardening hardening command-line-tool command-line

A quick way to make an Ubuntu server a bit more secure. Tested on 17.10 Artful Aardvark, 18.04 Bionic Beaver and 18.10 Cosmic Cuttlefish (under development).
ubuntu ubuntu-server shell hardening security security-hardening systemd

This is the source for the official SUSE Linux Enterprise and openSUSE Leap documentation. Released versions of the SLE documentation are published at https://www.suse.com/documentation/; the openSUSE Leap documentation can be found at http://doc.opensuse.org/.
suse documentation enterprise opensuse admin deployment tuning security ec2 gnome security-experts deployments docker virtualization kgraft portus hardening storage

Snuffleupagus is a PHP 7+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes. It also provides a powerful virtual-patching system, allowing administrators to fix specific vulnerabilities and audit suspicious behaviours without having to touch the PHP code. We've got a download page, where you can find packages for your distribution, but you can of course just git clone this repo, or check the releases on GitHub.
php7 security hardening elephant

THIS SOFTWARE (INCLUDING RESULTING BINARIES) IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Information in this document is subject to change without notice and does not represent or imply any future commitment by the participants of the project.
curl nghttp2 libssh2 libcurl reproducible builds binaries hardening openssl

This is a script and a set of patch files to harden your Slackware Linux installation. The script is divided (well kinda) into dynamic and static changes. The static changes are applied with patch files and the dynamic modifications happen usually with certain commands.
slackware hardening

The issue tracker will be available once Suhosin7 can actually be compiled. When reporting feature requests, please consider writing a patch yourself and providing a pull request.
suhosin php7 hardening

The goal of this project is to provide information (and an extension maybe?) to set up Chromium for maximum security. Chromium was not made by Google, it's a web browser 'developed' (based on parts of the original source code from Chrome) by volunteers and released under FLOSS. There exist a bunch of alternative forks of it with additional features.
chromium sercurity hardening chrome tweak chrome-extension script-safe

Firefox 'hardening' by CK
firefox mozilla mozillafirefox hardening about-config anti-fingerprinting privacy settings telemetry