content
ansible-hardening
Our great sponsors
content | ansible-hardening | |
---|---|---|
7 | 6 | |
2,049 | 655 | |
2.6% | 1.1% | |
10.0 | 5.0 | |
6 days ago | 9 days ago | |
Shell | Jinja | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
content
-
FIPS 140 and MacOS
For starters there's an entire NIST project for macOS Security Compliance - https://github.com/usnistgov/macos_security this will make your life a million times easier to meet a lot of the technical controls required for compliance. Nothing like this really exists for Windows or Linux(closest is Compliance As Code https://github.com/ComplianceAsCode/content)
- Ansible for automation/ hardening.
- hardening a RHEL8 VM using OpenSCAP and DISA STIG
ansible-hardening
- Ansible for automation/ hardening.
-
what tool do you use for validating hardening settings have been applied. this is for security and hardening purposes. for example, ensure that admin username is not default username, password is at least 12 characters with upper, lower and special characters, https is enabled etc
I once used Major Haydens ansible hardening role
-
What does everyone use for automating setting up a new VPS?
I use Ansible, like many others. One of the roles I use for hardening is this one: https://github.com/openstack/ansible-hardening
What are some alternatives?
inspec - InSpec: Auditing and Testing Framework
flake8-bandit - Automated security testing using bandit and flake8.
hardening - Hardening Ubuntu. Systemd edition.
AMDH - Android Mobile Device Hardening
ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
ansible-role-rhel8-stig - DISA STIG for Red Hat Enterprise Linux 8 - Ansible role generated from ComplianceAsCode Project
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
RHEL7-STIG - Ansible role for Red Hat 7 STIG Baseline
MixewayHub - Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
solr-password-generator - Solr security.json password generator. Generate password for the file security.json using a script.