apparmor.d
lynis
| apparmor.d | lynis | |
|---|---|---|
| 24 | 72 | |
| 365 | 12,533 | |
| - | 1.2% | |
| 9.9 | 7.8 | |
| 5 days ago | 6 days ago | |
| Go | Shell | |
| GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apparmor.d
-
Sandboxing All the Things with Flatpak and BubbleBox
If anyone want to look further into sandboxing applications on Linux, you can also look at AppArmor and the sandboxing features built into systemd.
I love this repository for bases for AppArmor profiles[1], really good work. Never found a repository as good for systemd, but there are a few around.
[1] https://github.com/roddhjav/apparmor.d
- Anyone writes AppArmor profiles?
-
AppArmor and Profile Inheritance
Then, categorize all your script zoo: maybe some script group want to only read the data, while some need to write, maybe one group needs to use certain set of binaries, and other group - others.
- How would you sandbox shady PDF files from the internet?
-
OpenSUSE Tumbleweed Security – firewall, fail2ban, apparmor
You could utilize some profiles from apparmor.d repo, but you should be slightly aware how it works (disclaimer: I'm the contributor).
-
FOSS alternative to Teamviewer
Regardless, I wrote an AppArmor profile so it couldn't happen again.
-
Cybersec student here. How it possible that Linux is more secure than Windows?
Maintainer's response.
-
MacOS-like support for directory access control on Linux, *per app*
There is a project in early development: apparmor.d. Adopting some or all profiles will do the job. To use it smoothly, basic AppArmor knowledge is required. (I'm the contributor)
-
AppArmor and Firefox: Does it actually work?
Dependent on the OS and Firefox distribution. I can advertise profile that I co-maintain. It uses non-standard tunables, which will require some README reading to get them into the system.
-
SELinux VS AppArmor - go!
Red Hat based distros come preconfigured with a lot of SELinux policies. With AppArmor, you get basically nothing. There is a project I also contribute to from time to time, that gives you a lot more policies, but this is entirely out-of-tree (https://github.com/roddhjav/apparmor.d).
lynis
-
Who does check linux distros of malware - open source
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
- Learn security best practices
- How do i find and remove the compilers installed in fedora?
-
Fight against scans, bots and script-kiddies
What I would do in your place is run this https://github.com/CISOfy/lynis and follow some of the instructions.
-
What are your favorite sites that are privacy related that you bookmarked?
https://github.com/CISOfy/Lynis (Linux hardening)
- Server security/hardening baselines for Linux Template
- Ultimate privacy when setting up Fedora?
- Linux security tests?
- Vulnerability scanning tools for homelab?
-
Cyber Security for developers: what and where to learn?
Linux security audit scanner
What are some alternatives?
kubernetes-ingress - NGINX and NGINX Plus Ingress Controllers for Kubernetes
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
UBUNTU20-CIS - Ansible role for Ubuntu 2004 CIS Baseline
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
hardentools - Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
ssh-p2p - ssh p2p tunneling server and client
cve-check-tool - Original Automated CVE Checking Tool
kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.
shadowsocks-gtk-rs - A desktop GUI frontend for shadowsocks-rust client implemented with gtk-rs.
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening