|about 1 month ago||5 days ago|
|GNU General Public License v3.0 or later||GNU General Public License v3.0 only|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
We haven't tracked posts mentioning pg_auto_failover_ansible yet.
Tracking mentions began in Dec 2020.
3 projects | reddit.com/r/sysadmin | 16 Sep 2022
Lynis is one such tool. The more tools you use, the more coverage you'll get.3 projects | reddit.com/r/sysadmin | 16 Sep 2022
How I secure my VPS
2 projects | reddit.com/r/selfhosted | 25 Aug 2022
You can use Lynis to audit your system and find possible improvements.
CIS Hardening Ubuntu Server
2 projects | reddit.com/r/sysadmin | 7 Jul 2022
PChunter equivalent on Linux?
4 projects | reddit.com/r/blackhat | 20 Jun 2022
Server Hardening Checklist
2 projects | reddit.com/r/cybersecurity | 3 May 2022
For Linux lynis by cisofy. Free version is good enough, but the paid is cheap. The guy who writes it is super helpful. https://cisofy.com/lynis/
Is clamav still regarded as the best virus scanning software on Linux?
4 projects | reddit.com/r/linuxquestions | 9 Mar 2022
Linux noob, just got on Fedora - security related query.
2 projects | reddit.com/r/Fedora | 26 Feb 2022
You can install Lynis (https://cisofy.com/lynis/), it should be in the repo. Run it and it will tell you recommendations to improve security.
[question] vulnerability assessment (for the homeserver)
2 projects | reddit.com/r/selfhosted | 23 Dec 2021
Take at look at Grype for containers and Lynis for the OS.
My First 5 Minutes on a Server; Or, Essential Security for Linux Servers (2013)
2 projects | news.ycombinator.com | 8 Dec 2021
> Isn't a Ubuntu server secure out of the box?
I think that the people working at RedHat actually are more competent in moving security forward on Linux than what Ubuntu does. Ubuntu hardly innovates here at all. It's target seems to be desktop users or server admins that are familiar with the Desktop version. I wouldn't put Ubuntu (or any other distribution) on a server without an elaborate playbook to tailor it to my needs. And this is where Ubuntu fails for me because it makes some weird assumptions as to what I want in terms of security (which are absent in Debian). YMMV. Ubuntu security innovation is non existing. Although I think that a distribution's goal should be accessibility and configurability - in that regard all of them don't prioritize security features as much as I'd like to see (but knowing myself I probably would complain the second these features become too opinionated.
Ubuntu compared to Debian standard install is more bloated, interim releases are much buggier, and Ubuntu LTS is less stable than Debian stable. Ubuntu's root certificate store is constantly outdated (though the same issue might also be on Debian). Their apparmor configuration lags behind.
All distributions could do more to lock down processes with seccomp-filters in systemd. Would be interesting to see what lynis⁰ discovers when comparing a fresh server install between Ubuntu and others.
Jason Donenfeld, the creator of Wireguard said about Ubuntu on the latest¹ SCW podcast:
> Ubuntu is always, a horrible distribution to work with, ...
> Well, they [Ubuntu] sort of inherit from Debian, but they're like not super tuned in to what's going on and like not really on top of things. And so it was just always, it's still a pain to like make sure Ubuntu is working well. but I don't know, it's not too much interesting to say about the distro story, just open source politics as usual.
while somewhat anecdotal I trust that Jason knows what he is talking about having been on the linux security kernel team for ages and familiar with the quirks of various downstream vendors. His development cycle for WG is: implement -> decompile -> formal-verification -> rinse/repeat :-/
What are some alternatives?
Wazuh - Wazuh - The Open Source Security Platform
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
cve-check-tool - Original Automated CVE Checking Tool
PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.
pfSense - Main repository for pfSense
debian-cis - PCI-DSS compliant Debian 9/10 hardening
crowdsec - CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
Snort - Snort++
Fail2Ban - Daemon to ban hosts that cause multiple authentication errors
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
grype - A vulnerability scanner for container images and filesystems