CIS-for-macOS-Catalina-CP
debian-cis
CIS-for-macOS-Catalina-CP | debian-cis | |
---|---|---|
1 | 3 | |
120 | 663 | |
0.0% | 3.6% | |
0.0 | 7.3 | |
almost 3 years ago | 24 days ago | |
Shell | Shell | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CIS-for-macOS-Catalina-CP
-
Hardening macOS
You can get most of the way to hardening to CIS level 1 picking more up-to-date fork of these https://github.com/jamf/CIS-for-macOS-Catalina-CP.
FWIW, CIS level 1 will mean people get locked out of their machines very frequently. Complex 15 character passwords with 3 retries from memory. So you need a half-decent MDM to unlock quickly. There is no half-decent MDM out there. Only shit ones but workable like Jamf.
Also you the username does't get auto-populated on login so the typo can be in username and user assumes it is with password. Very fast way to get lock outs.
To pass a full security review you might want to play with Google Santa. But that is intense.
debian-cis
- Q: How many have actually secured thier server?
-
Any tool to check the security of my server?
I normally use debian-cis: https://github.com/ovh/debian-cis
- Basic Server Hardening Steps
What are some alternatives?
macos_security - macOS Security Compliance Project
ansible-collection-hardening - This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
santa - A binary authorization and monitoring system for macOS
hardening - Hardening Ubuntu. Systemd edition.
jss-filevault-reissue - A framework for re-escrowing missing or invalid FileVault keys with Jamf Pro.
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
super - S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. [Moved to: https://github.com/prowler-cloud/prowler]
Whonix - Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP. https://www.whonix.org
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
bastion - 🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support