awesome-windows-domain-hardening - A curated list of awesome Security Hardening techniques for Windows

A curated list of awesome Security Hardening techniques for Windows. This document summarizes the information related to Pyrotek and Harmj0y's DerbyCon talk called "111 Attacking EvilCorp Anatomy of a Corporate Hack". Video and slides are available below.

ansible-os-hardening - This Ansible role provides numerous security-related configurations, providing all-round base protection

•    Ruby

This role provides numerous security-related configurations, providing all-round base protection. It is intended to be compliant with the DevSec Linux Baseline. If you're using inspec to test your machines after applying this role, please make sure to add the connecting user to the os_ignore_users-variable. Otherwise inspec will fail. For more information, see issue #124.

lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems

•    Shell

Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.

hardentools - Hardentools is a utility that disables a number of risky Windows features.

•    Go

Hardentools is a collection of simple utilities designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now), and primary consumer applications. These features, commonly thought for enterprise customers, are generally useless to regular users and rather pose as dangers as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is to simply reduce the attack surface by disabling the low-hanging fruit. Hardentools is intended for individuals at risk, who might want an extra level of security at the price of some usability. It is not intended for corporate environments. WARNING: This is just an experiment, it is not meant for public distribution yet. Also, this tool disables a number of features, including of Microsoft Office, Adobe Reader, and Windows, that might cause malfunctions to certain applications. Use this at your own risk.

prowler - AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool

•    Shell

For a comprehensive list and resolution look at the guide on the link above. This script has been written in bash using AWS-CLI and it works in Linux and OSX.

How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.

An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. This guides purpose is to teach you how to secure a Linux server.

bunkerized-nginx - nginx Docker image secure by default.

•    Python

nginx Docker image secure by default. Avoid the hassle of following security best practices "by hand" each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.

terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices

•    HCL

A terraform module to set up your AWS account with the reasonably secure configuration baseline. Most configurations are based on CIS Amazon Web Services Foundations v1.4.0 and AWS Foundational Security Best Practices v1.0.0. See Benchmark Compliance to check which items in various benchmarks are covered.

suhosin - SUHOSIN - 수호신 - The PHP security extension.

•    C

Suhosin (pronounced 'su-ho-shin') is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

ansible-ssh-hardening - This Ansible role provides numerous security-related ssh configurations, providing all-round base protection

•    Ruby

This role provides secure ssh-client and ssh-server configurations. It is intended to be compliant with the DevSec SSH Baseline. Warning: This role disables root-login on the target server! Please make sure you have another user with su or sudo permissions that can login into the server.

chef-os-hardening - This chef cookbook provides numerous security-related configurations, providing all-round base protection

•    Ruby

This cookbook provides numerous security-related configurations, providing all-round base protection. In the current implementation different components are located in the different recipes. See the available recipes or default.rb for possible component names.

stronghold - Easily configure macOS security settings from the terminal.

•    Python

stronghold is the easiest way to securely configure your Mac. Designed for MacOS Sierra and High Sierra. Previously fortify.

hardening - Hardening Ubuntu. Systemd edition.

•    Shell

A quick way to make a Ubuntu server a bit more secure. Tested on 17.10 Artful Aardvark, 18.04 Bionic Beaver and 18.10 Cosmic Cuttlefish (under development).

doc-sle - Official SUSE Linux Enterprise documentation

This is the source for the official SUSE Linux Enterprise and openSUSE Leap documentation. Released versions of the SLE documentation are published at https://www.suse.com/documentation/, the openSUSE Leap documentation can be found at http://doc.opensuse.org/.

snuffleupagus - Security module for php7 - Killing bugclasses and virtual-patching the rest!

•    C

Snuffleupagus is a PHP 7+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes. It also provides a powerful virtual-patching system, allowing administrator to fix specific vulnerabilities and audit suspicious behaviours without having to touch the PHP code. We've got a download page, where you can find packages for your distribution, but you can of course just git clone this repo, or check the releases on github.

curl-for-win - Reproducible curl/libcurl (and OpenSSL) binaries for Windows

•    Shell

THIS SOFTWARE (INCLUDING RESULTING BINARIES) IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Information in this document is subject to change without notice and does not represent or imply any future commitment by the participants of the project.

harden.sh - Slackware hardening script

•    Shell

This is a script and a set of patch files to harden your Slackware Linux installation. The script is divided (well kinda) into dynamic and static changes. The static changes are applied with patch files and the dynamic modifications happen usually with certain commands.

suhosin7 - Suhosin Extension for PHP 7.x

•    C

The issue tracker will be available once Suhosin7 can actually be compiled. When reporting feature requests, please consider writing a patch yourself and provide a pull request.

Chromium-hardening - Hardens Chromium and it's settings in the name of 'security' :suspect:

•    Batchfile

The goal of this project is to provide information (and an extension maybe?) to setup Chromium for maximum security. Chromium was not made by Google, it's a web browser 'developed' (based on parts of the original source code from Chrome) by volunteers and released under FLOSS. There exist bunch of alternative forks of it with additional features in it.

FFCK - Firefox 'hardening' by CK :man_cook:

•    Javascript

Firefox 'hardening' by CK :man_cook: