easy-admin
ssh-audit
easy-admin | ssh-audit | |
---|---|---|
5 | 21 | |
32 | 3,133 | |
- | - | |
8.3 | 8.6 | |
27 days ago | 11 days ago | |
Shell | Python | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
easy-admin
-
SSHGuard
while it is not the best, you can try my working sane default for sshd_config and sshd_config.
Each settings in the config files have annotations and details and some have additional links detailing why.
Even has a bash script to let you create these config files (defaults to a subdirectory, not into /etc/ssh)
https://github.com/egberts/easy-admin/tree/b74765baa450593be...
-
Start Self Hosting
CISecurity and other government hardening docs were applied as well and then some I took even further like Chrony had its file permissions/ownership even further and MitM block feature as well.
These are dangerous scripts where it can write files as root but as a user, you will instead get configuration files written out in appropriate directories under `build` subdirectory.
If these designs work across Redhat/Fedora/CentOS, Debian/Devuan, and ArchLinux well, I may forge even further.
https://github.com/egberts/easy-admin
-
How Does NTP (Network Time Protocol) Work?
There is MitM NTP going on so a bit of hardening is needed.
Not commonly discussed but I wrote a script to do Chrony added configuration to mitigate this.
https://github.com/egberts/easy-admin/blob/main/480-ntp-chro...
- Simple SSH Security
ssh-audit
-
Terrapin Attack for prefix injection in SSH
No. Mitigations are available now. Follow the recommendations from ssh-audit (master version). [0]
0. https://github.com/jtesta/ssh-audit
- SSH-audit: SSH server and client security auditing
- Quick/simple question checking for SSH vulnerabilities
- Why so many bots?
-
How to secure my self-hosted website?
Match Address 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 PasswordAuthentication yes ```` You may audit your SSH service by https://github.com/jtesta/ssh-audit
-
Why does my SSH private key still work after changing some bytes? (2016)
Off topic: audit tool for OpenSSH config files.
Posted here because SSH algorithms are a moving target.
https://github.com/jtesta/ssh-audit/tree/e50ac5c84d46e902e02...
-
SFTP (SSH) Cipher Sanity Check
In addition to ssllabs, I'll recommend jtesta's ssh-audit.py
What are some alternatives?
docker-ntp - 🕒 Chrony NTP Server running in a Docker container (without the priviledged flag)
Pritunl - Enterprise VPN server
HRScan2 - A self-hosted drag-and-drop, nosql yet fully-featured file-scanning server.
testssl.sh - Testing TLS/SSL encryption anywhere on any port
MarkdownSite - Create a website from a git repository in one click
yubikey-agent - yubikey-agent is a seamless ssh-agent for YubiKeys.
ios - 📱 Nextcloud iOS App
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
HRConvert2 - A self-hosted, drag-and-drop & nosql file conversion server & share tool that supports 86 file formats in 13 languages.
tinyssh - TinySSH is small server (less than 100000 words of code)
blocklist - This package contains a library that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and closing ports dynamically based on policy.
mistborn