Top 23 Hardening Open-Source Projects

• How-To-Secure-A-Linux-Server

  48 16,633 4.6

  An evolving how-to guide for securing a Linux server.

  Project mention: An evolving how-to guide for securing a Linux server | news.ycombinator.com | 2024-01-25

• lynis

  72 12,462 8.1 Shell

  Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  

  Project mention: Who does check linux distros of malware - open source | /r/linux | 2023-12-10

  Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...

• InfluxDB

  www.influxdata.com

  sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• YubiKey-Guide

  112 10,693 7.9 HTML

  Guide to using YubiKey for GnuPG and SSH

  Project mention: Can I use Security Key C NFC as backup for 5C NFC if I use OpenPGP? | /r/yubikey | 2023-12-07

  Instead, most people generate keypair(s) on an airgapped machine and write them to two Yubikeys. Or write subkeys to a single Yubikey and keep a backup in encrypted form. See https://github.com/drduh/YubiKey-Guide

• prowler

  24 9,486 9.9 Python

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  

  Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04

  Which cloud provider?

  https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.

  Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security

• ansible-collection-hardening

  25 3,650 9.2 Jinja

  This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

  

  Project mention: Ask HN: What open-source projects are you currently contributing to and why? | news.ycombinator.com | 2023-06-16

  An ansible collection for hardening Linux systems I mostly wrote: https://github.com/dev-sec/ansible-collection-hardening

  Another ansible collection to manage Icinga: https://github.com/T-Systems-MMS/ansible-collection-icinga-d...

  And the yunohost app for invoice ninja: https://github.com/YunoHost-Apps/invoiceninja5_ynh

• BunkerWeb

  16 3,414 9.9 Lua

  🛡️ Make your web services secure by default !

  

  Project mention: BunkerWeb: Nginx-based open-source Web Application Firewall (WAF) | news.ycombinator.com | 2024-01-09

• hardentools

  13 2,797 4.5 Go

  Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.

  

• WorkOS

  workos.com

  sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• windows_hardening

  14 2,149 7.4 PowerShell

  HardeningKitty and Windows Hardening settings and configurations

• content

  7 2,068 10.0 Shell

  Security automation content in SCAP, Bash, Ansible, and other formats (by ComplianceAsCode)

  

  Project mention: Oracle linux CIS benchmark | /r/ansible | 2023-06-07

• mongoaudit

  1 1,308 0.0 Python

  🔥 A powerful MongoDB auditing and pentesting tool 🔥

  

• hardening

  5 1,298 8.8 Shell

  Hardening Ubuntu. Systemd edition.

• Windows-11-Guide

  24 1,235 8.5 C#

  Windows 10/11 Guide. Including Windows Security tools, Encryption, Nextcloud, Graphics, Gaming, Virtualization, Windows Subsystem for Linux (WSL 2), Software Apps, and Resources.

• hardened_malloc

  652 1,149 7.9 C

  Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

  

  Project mention: WhatsApp forces Pegasus spyware maker to share its secret code | news.ycombinator.com | 2024-03-02

• HardeningKitty

  14 1,120 2.9 PowerShell

  HardeningKitty - Checks and hardens your Windows configuration

  

  Project mention: If You Had To Create All IT Policies From Scratch | /r/sysadmin | 2023-06-29

  Also Hardening-Kitty. https://github.com/scipag/HardeningKitty

• terraform-aws-secure-baseline

  1 1,113 0.0 HCL

  Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

• Windows-Optimize-Harden-Debloat

  1 1,001 7.6 PowerShell

  Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.

• Windows11_Hardening

  31 985 6.2

  a collection about Windows 11

  Project mention: Share some articles you've saved | /r/privsec_dev | 2023-04-28

  A collection about Windows 11 security https://github.com/beerisgood/Windows11_Hardening

• grapheneX

  1 910 8.2 Python

  Automated System Hardening Framework

  

• JShielder

  4 733 0.0 PHP

  Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark

• snuffleupagus

  9 728 7.9 PHP

  Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

  Project mention: WordPress plugin hole puts '2M websites' at risk | news.ycombinator.com | 2023-05-08

  I wonder if Snuffleupagus can block this exploit.

  https://snuffleupagus.readthedocs.io/

• ansible-role-hardening

  1 492 9.5 Jinja

  Ansible role to apply a security baseline. Systemd edition.

• harden-runner

  15 483 7.5 TypeScript

  Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

  

• cis-docker-benchmark

  2 472 2.8 Ruby

  CIS Docker Benchmark - InSpec Profile

  

• SaaSHub

  www.saashub.com

  sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Hardening related posts

• Sandboxing All the Things with Flatpak and BubbleBox
  4 projects | news.ycombinator.com | 14 Apr 2024
• An evolving how-to guide for securing a Linux server
  1 project | news.ycombinator.com | 25 Jan 2024
• How to Secure a Linux Server
  1 project | news.ycombinator.com | 8 Jan 2024
• Should I set up my own server?
  1 project | /r/rustdesk | 8 Dec 2023
• Ask HN: Cloud security auditing for indie-grade projects?
  1 project | news.ycombinator.com | 4 Dec 2023
• Private and Secure Windows
  1 project | news.ycombinator.com | 21 Nov 2023
• Automating AWS Prowler Scans
  1 project | dev.to | 23 Aug 2023
• A note from our sponsor - WorkOS
  workos.com | 17 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com