streisand
ansible-collection-hardening
Our great sponsors
| streisand | ansible-collection-hardening | |
|---|---|---|
| 27 | 25 | |
| 22,450 | 3,650 | |
| - | 1.9% | |
| 0.0 | 9.2 | |
| almost 3 years ago | 25 days ago | |
| Shell | Jinja | |
| GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
streisand
-
The NSA is just from taking over the internet
https://github.com/StreisandEffect/streisand
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
-
Russia has started indiscriminately blocking all OpenVPN/WireGuard connections
Unfortunately, that's to the Great Firewall of China, there has been a lot of resources put in to fingerprint VPNs and block them by state actors.
Fortunately, however, there is equally years of some of the smartest minds on the planet working to bypass Chinese censorship, so there are some great OpenVPN alternatives.
I really encourage you to look into something like Shadowsocks which Chinese people have found great success in using over the last several years.
It's quite sad that projects like Streisand[0] were archived, but I'm sure there are other alternatives that might make it just as easy to roll onto a server.
-
Ask HN: 2023 Alternative to the Streisand Project
The Streisand Project[0] provided easy installation of well-configured certs, VPNs and various other software on cloud instances. It was great for travelling internationally: run the script and after a few minutes one had a cloud instance and everything one needed to securely access the Internet through one’s own country.
Unfortunately, it was archived in 2021. Is there anything in 2023 which approaches it? I’ve seen Algo[1], but I don’t believe it does as much to help one to avoid packet filtering. It’s also based on Ubuntu rather than Debian, which seems like a mistake with security-conscious server software.
0: https://github.com/StreisandEffect/streisand
1: https://github.com/trailofbits/algo
-
NRIs : Do you use Indian subscriptions abroad to save money?
It basically works like any normal VPN. Setting it up is quite easy, you just need a VPS and setup Streisand by following their guide.
-
I don’t want my landlord to see my website activities, any VPN recommendations? What do you think of VPN providers such as Nord, Express VPN? Is it safe to use free VPN such as Hola? I need a VPN that will not slow down my Internet speed (100M) and safe as well.
You are better off renting a cloud server and rolling your own, e.g. using Streisand, Algo or my own Edgewalker
- How to turn 256MB NAT into a VPN?
- I don't think this is much of a hacking but the internet is going to shutdown in my country and I don't know how to cross internet blockage.
-
Pivpn: Simplest Way to Setup a VPN
I currently use https://github.com/StreisandEffect/streisand which was extremely simple to set up.
What are the main advantages over Streisand?
-
How do you stay secure?
For a VPN, I use Streisand (https://github.com/StreisandEffect/streisand) running on a box in a datacenter in Iceland. I also occasionally use other VPNs. I turn off the VPN on my gaming PC when playing specific games.
- Ask HN: Which VPN provider should one use from Russia?
ansible-collection-hardening
-
Ask HN: What open-source projects are you currently contributing to and why?
An ansible collection for hardening Linux systems I mostly wrote: https://github.com/dev-sec/ansible-collection-hardening
Another ansible collection to manage Icinga: https://github.com/T-Systems-MMS/ansible-collection-icinga-d...
And the yunohost app for invoice ninja: https://github.com/YunoHost-Apps/invoiceninja5_ynh
-
Ansible - how widely used is it ?
i have some packer builds where itll install ansible, run playbooks locally, then uninstall ansible. such as the the devsec os hardening role: https://github.com/dev-sec/ansible-collection-hardening
- What hardening before forwarding services?
-
Security Harden Ubuntu 22.04
This collection is also interesting https://github.com/dev-sec/ansible-collection-hardening/
-
What you guys use for website protection? We use sentinel one but doesn't cover web related items
Second you want to ensure the os is secure and up to date. Take a look at os hardening best practices, for example this ansible playbook for linux: https://github.com/dev-sec/ansible-collection-hardening
- Ansible for automation/ hardening.
-
How do you document your (whole) setup ? Looking for ideas.
To ensure SSH and other security related things are configured correctly, you can take a look at DevSec which helps you to apply proven security configuration principles. Also there is guides like "Secure Secure Shell" which can help you to better understand what you can do to increase the security of your servers (this one is from 2015 but many aspects are still relevant).
-
Recommendations for advanced material (reading material, courses, etc) on server security?
I learned a lot by using and reading through the source code of these ansible roles: https://github.com/dev-sec/ansible-collection-hardening
-
Ask HN: How to secure Ubuntu VPS in 2022?
Have a look at https://github.com/dev-sec/ansible-collection-hardening
-
SSH Bastion host best practices: How to Build and Deploy a Security-Hardened SSH Bastion Host
You can do much more https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/ssh_hardening
What are some alternatives?
algo - Set up a personal VPN in the cloud
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
docker-ipsec-vpn-server - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
openconnect - OpenConnect client extended to support Palo Alto Networks' GlobalProtect VPN
goss - Quick and Easy server testing/validation
dnscrypt-proxy - dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
RHEL7-CIS - Ansible role for Red Hat 7 CIS Baseline
jetson-nano-image - Create minimalist, Ubuntu based images for the Nvidia jetson boards [Moved to: https://github.com/pythops/jetson-image]
ansible-collection-nginx - Ansible collection for NGINX
Cloak - A censorship circumvention tool to evade detection by authoritarian state adversaries
netboot.xyz - Your favorite operating systems in one place. A network-based bootable operating system installer based on iPXE.