This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.
checklist rails-security rails rails-security-checklist ruby-on-rails security-audit security-hardening security

A user.js configuration file for Mozilla Firefox designed to harden browser settings and make it more secure. Do note that these settings alter your browser behaviour quite a bit, so it is recommended to either create a completely new profile for Firefox or back up your existing profile directory before putting the user.js file in place.
mozilla-firefox privacy firefox security security-hardening mozilla

Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-tools

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.
vuls vulnerability-scanners freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scanner

For a comprehensive list and resolution look at the guide on the link above. This script has been written in bash using AWS-CLI and it works in Linux and OSX.
security security-tools security-audit security-hardening cloudtrail hardening aws-cli aws cis-benchmark prowler assessment aws-auditing compliance

An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. This guide's purpose is to teach you how to secure a Linux server.
security server hardening security-hardening linux-server cc-by-sa hardening-steps

A Terraform module to set up your AWS account with a reasonably secure configuration baseline. Most configurations are based on CIS Amazon Web Services Foundations v1.4.0 and AWS Foundational Security Best Practices v1.0.0. See Benchmark Compliance to check which items in various benchmarks are covered.
aws security devops terraform hardening security-hardening terraform-modules security-tools cis-benchmark aws-auditing

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides capabilities like log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.
ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management log-analysis vulnerability-detection incident-response threat-detection

From now on, you do not need XSS listeners! XSS listener records the data you have stolen on the remote site in the database, and gives instant notification with telegram / slack.
xss xss-attacks security-hardening security-tools xss-harvest xss-harvester

The ast-exporter extracts from a C file the abstract syntax tree and type information produced by Clang and serializes it into CBOR files. The ast-importer consumes these CBOR files and generates Rust source code preserving the semantics (as understood under C99) of the initial C program. The translated Rust files will not depend directly on each other like normal Rust modules. They will export and import functions through the C API. These modules can be compiled together into a single static Rust library.
transpiler security-hardening migration translation memory-safety cross-checking

stronghold is the easiest way to securely configure your Mac. Designed for MacOS Sierra and High Sierra. Previously fortify.
macos-setup security osx security-hardening hardening command-line-tool command-line

A quick way to make an Ubuntu server a bit more secure. Tested on 17.10 Artful Aardvark, 18.04 Bionic Beaver and 18.10 Cosmic Cuttlefish (under development).
ubuntu ubuntu-server shell hardening security security-hardening systemd

Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice. Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.
security security-hardening docker docker-security

These playbooks install and configure Wazuh agent, manager and Elastic Stack. The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with the Wazuh ecosystem.
wazuh ansible ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

Wazuh API is an open source RESTful API to interact with Wazuh from your own application or with a simple web browser or tools like cURL. Our goal is to completely manage Wazuh remotely. Everyday actions like adding an agent, checking configuration, or looking for syscheck files are now simpler using the Wazuh API.
wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

In addition, a docker-compose file is provided to launch the containers mentioned above. It also launches an Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. Containers are currently tested on Wazuh version 3.3.0 and Elastic Stack version 6.2.4. We will do our best to keep this repository updated to the latest versions of both Wazuh and Elastic Stack.
wazuh docker ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening log-analysis ids pci-dss file-integrity-management security-awareness vulnerability-detection incident-response

Here you will find instructions to install and deploy Wazuh HIDS. If you want to contribute to this documentation (built using Sphinx) or our projects, please head over to our GitHub repositories and submit pull requests.
wazuh documentation reference ossec openscap elasticsearch monitoring security security-hardening pci-dss file-integrity-management compliance security-awareness log-analysis fim loganalyzer intrusion-detection vulnerability-detection incident-response

Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app plugin. If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users mailing list, by sending an email to wazuh+subscribe@googlegroups.com, to ask questions and participate in discussions.
wazuh kibana ossec elasticsearch security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

Wazuh is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response

This module installs and configures Wazuh agent and manager. This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gazeley and Michael Porter. Wazuh has forked it with the purpose of maintaining it. Thank you to the authors for the contribution.
wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring elasticsearch openscap security-hardening ids pci-dss file-integrity-management security-awareness log-analysis vulnerability-detection incident-response puppet