Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 security-hardening Open-Source Projects
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
-
awesome-security-hardening
A collection of awesome security hardening guides, tools and other resources
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
privacy.sexy
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
-
-
-
rails-security-checklist
:key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)
-
Harden-Windows-Security
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
-
terraform-aws-secure-baseline
Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
-
usbguard
USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: An evolving how-to guide for securing a Linux server | news.ycombinator.com | 2024-01-25
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
A recent practical example of the former: the fish shell re-wrote incrementally from C++ to Rust, and is almost finished https://github.com/fish-shell/fish-shell/discussions/10123
An example of the latter: c2rust, which is a work in progress but is very impressive https://github.com/immunant/c2rust
It currently translates into unsafe Rust, but the strategy is to separate the "compile C to unsafe Rust" steps and the "compile unsafe Rust to safe Rust" steps. As I see it, as it makes the overall task simpler, allows for more user freedom, and makes the latter potentially useful even for non-transpiled code. https://immunant.com/blog/2023/03/lifting/
Project mention: BitLocker, TPM and Pluton | What Are They and How Do They Work | /r/cybersecurity | 2023-09-03We learned how important it is to use BitLocker and protect our data at rest. The Harden Windows Security repository employs BitLocker to encrypt the operation system drive and optionally any other drives that user chooses to. It utilizes the most secure configuration and military grade encryption algorithm, XTS-AES-256, TPM 2.0 and Start-up PIN.
You want USBGuard. Its probably available in your distro repository. Its a very neat piece of software!
A collection about Windows 11 security https://github.com/beerisgood/Windows11_Hardening
Project mention: WordPress plugin hole puts '2M websites' at risk | news.ycombinator.com | 2023-05-08I wonder if Snuffleupagus can block this exploit.
https://snuffleupagus.readthedocs.io/
Project mention: Wazuh Docker Single Node. 500 error after changing admin password | /r/Wazuh | 2023-07-31Now based on my reading of https://github.com/wazuh/wazuh-docker/issues/775This is means i should enter the indexer container and run securityadmin after setting the environment variables specified in the docs....I did this. The command completes successfully with no errors.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
security-hardening related posts
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
- An evolving how-to guide for securing a Linux server
- Converting the Kernel to C++
- How to Secure a Linux Server
- Should I set up my own server?
- Ask HN: Cloud security auditing for indie-grade projects?
- Private and Secure Windows
-
A note from our sponsor - InfluxDB
www.influxdata.com | 23 Apr 2024
Index
What are some of the best open-source security-hardening projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | How-To-Secure-A-Linux-Server | 16,664 |
| 2 | lynis | 12,493 |
| 3 | vuls | 10,659 |
| 4 | prowler | 9,514 |
| 5 | Wazuh | 9,108 |
| 6 | awesome-security-hardening | 4,935 |
| 7 | c2rust | 3,673 |
| 8 | privacy.sexy | 3,493 |
| 9 | user.js | 2,713 |
| 10 | content | 2,076 |
| 11 | Librefox | 1,705 |
| 12 | sandboxed-api | 1,642 |
| 13 | rails-security-checklist | 1,350 |
| 14 | hardening | 1,306 |
| 15 | golang-tls | 1,209 |
| 16 | Harden-Windows-Security | 1,130 |
| 17 | terraform-aws-secure-baseline | 1,115 |
| 18 | usbguard | 1,071 |
| 19 | Windows11_Hardening | 984 |
| 20 | JShielder | 734 |
| 21 | snuffleupagus | 728 |
| 22 | krane | 658 |
| 23 | wazuh-docker | 568 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com