The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 Hardening Open-Source Projects
-
Project mention: An evolving how-to guide for securing a Linux server | news.ycombinator.com | 2024-01-25
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Project mention: Can I use Security Key C NFC as backup for 5C NFC if I use OpenPGP? | /r/yubikey | 2023-12-07
Instead, most people generate keypair(s) on an airgapped machine and write them to two Yubikeys. Or write subkeys to a single Yubikey and keep a backup in encrypted form. See https://github.com/drduh/YubiKey-Guide
-
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
-
ansible-collection-hardening
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
Project mention: Ask HN: What open-source projects are you currently contributing to and why? | news.ycombinator.com | 2023-06-16An ansible collection for hardening Linux systems I mostly wrote: https://github.com/dev-sec/ansible-collection-hardening
Another ansible collection to manage Icinga: https://github.com/T-Systems-MMS/ansible-collection-icinga-d...
And the yunohost app for invoice ninja: https://github.com/YunoHost-Apps/invoiceninja5_ynh
-
Project mention: BunkerWeb: Nginx-based open-source Web Application Firewall (WAF) | news.ycombinator.com | 2024-01-09
-
hardentools
Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
-
-
Windows-11-Guide
Windows 10/11 Guide. Including Windows Security tools, Encryption, Nextcloud, Graphics, Gaming, Virtualization, Windows Subsystem for Linux (WSL 2), Software Apps, and Resources.
-
hardened_malloc
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
Project mention: WhatsApp forces Pegasus spyware maker to share its secret code | news.ycombinator.com | 2024-03-02 -
Also Hardening-Kitty. https://github.com/scipag/HardeningKitty
-
terraform-aws-secure-baseline
Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
-
Windows-Optimize-Harden-Debloat
Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.
-
A collection about Windows 11 security https://github.com/beerisgood/Windows11_Hardening
-
-
-
Project mention: WordPress plugin hole puts '2M websites' at risk | news.ycombinator.com | 2023-05-08
I wonder if Snuffleupagus can block this exploit.
-
-
harden-runner
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Hardening related posts
- Sandboxing All the Things with Flatpak and BubbleBox
- An evolving how-to guide for securing a Linux server
- How to Secure a Linux Server
- Should I set up my own server?
- Ask HN: Cloud security auditing for indie-grade projects?
- Private and Secure Windows
- Automating AWS Prowler Scans
-
A note from our sponsor - WorkOS
workos.com | 17 Apr 2024
Index
What are some of the best open-source Hardening projects? This list will help you:
Project | Stars | |
---|---|---|
1 | How-To-Secure-A-Linux-Server | 16,633 |
2 | lynis | 12,462 |
3 | YubiKey-Guide | 10,693 |
4 | prowler | 9,486 |
5 | ansible-collection-hardening | 3,650 |
6 | BunkerWeb | 3,414 |
7 | hardentools | 2,797 |
8 | windows_hardening | 2,149 |
9 | content | 2,068 |
10 | mongoaudit | 1,308 |
11 | hardening | 1,298 |
12 | Windows-11-Guide | 1,235 |
13 | hardened_malloc | 1,149 |
14 | HardeningKitty | 1,120 |
15 | terraform-aws-secure-baseline | 1,113 |
16 | Windows-Optimize-Harden-Debloat | 1,001 |
17 | Windows11_Hardening | 985 |
18 | grapheneX | 910 |
19 | JShielder | 733 |
20 | snuffleupagus | 728 |
21 | ansible-role-hardening | 492 |
22 | harden-runner | 483 |
23 | cis-docker-benchmark | 472 |