Top 23 Hardening Open-Source Projects
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
prowler
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
To add onto what /u/mekkr_ has said; you can also use tools like Prowler to ensure your environment is compliant. Prowler also has conmon and forensic capabilities.
-
ansible-collection-hardening
This Ansible collection provides battle-tested hardening roles for Linux, SSH, nginx and MySQL.
-
Project mention: Structure of my rebuilt HomeServer with Podman | reddit.com/r/selfhosted | 2022-08-10
Right now I'm doing a similar setup but I want to use NGINX with integrated WAF.
-
hardentools
Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
Project mention: What should I do when Windows can't remove the virus? | reddit.com/r/antivirus | 2022-07-12
Link: https://github.com/securitywithoutborders/hardentools
-
Project mention: How can I batch convert H264 to H265 this command on Window? | reddit.com/r/ffmpeg | 2022-07-04
#1: "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." | 20 comments
#2: For those that work in IT Admin, what are the key Powershell Commands that every admin should know?
#3: I wrote the mother-of-all onboarding scripts and now everyone blames me for everything...
-
lunasec
LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
Project mention: How to support open-source software and stay sane | news.ycombinator.com | 2022-08-03
- Put the project into Awesome Lists so that people will actually find it (also helps with SEO)
- Add a license to the repo and, if you really want people to trust it, add license headers to every file (I see _so many_ projects without even a LICENSE file. Without this, it's illegal to use the code at all!)
Beyond all of that, docs help a lot too, as does a "legit" looking website, but you can get away with pretty crappy docs if you do all of the above.
-
terraform-aws-secure-baseline
Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
-
hardened_malloc
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
Project mention: Few questions about GrapheneOS usability. | reddit.com/r/PrivacyGuides | 2022-08-07
You should read the usage guide on the website https://grapheneos.org/. It will answer your questions.
-
Project mention: Any reviews of Snuffleupagus based on actual experience? | reddit.com/r/PHP | 2022-05-08
Having had to deal with a PHP exploit, and still dealing with it, I was looking around and came across jvoisin/snuffleupagus: Security module for php7 and php8, which is a successor to suhosin.
-
Project mention: JShielder: Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark | reddit.com/r/CKsTechNews | 2022-03-28
-
Project mention: How do you organize your folders when you have many projects and playbooks? | reddit.com/r/ansible | 2022-04-26
-
Many thanks u/pixelavenger. While I did not (yet) find the specific CIS recommendation, I did find this, which indicates that disabling the SCTP module is perhaps too strong a reaction if the only justification is disabling those networking features that are usually not used frequently (to reduce attack surface). Apparently there was a vulnerability in WebRTC's user-space SCTP implementation, which has since been fixed. There seem to be no known vulnerabilities in the Linux kernel SCTP implementation. Do you think Azure Support might be requested to optionally enable the SCTP kernel module in the images? Thanks also for the idea about using the DaemonSet approach; perhaps a bit kludgy for the needs, as one would need to invent a way to synchronize the completion of the DaemonSet's task of enabling SCTP and the startup of the application that needs SCTP. Still better than nothing at all.
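The comment above treats disabling the SCTP kernel module as an attack-surface decision. How a module is disabled matters: a bare `blacklist <mod>` line under /etc/modprobe.d only stops automatic loading by alias, whereas `install <mod> /bin/true` (or `/bin/false`) also makes an explicit `modprobe <mod>` fail, which is why CIS-style hardening roles write both. The script below is an added example, not code from any project on this page; it audits a modprobe.d directory for both directives so the result can be compared against what a node image ships with. The fixture directory and its .conf files are constructed for the example, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from any project on this page): audit whether a kernel
# module such as sctp is disabled the CIS way, i.e. an
# "install <mod> /bin/true|/bin/false" line plus a "blacklist <mod>" line in a
# modprobe.d directory. The directory is a parameter so the check can run
# against a constructed fixture instead of the live /etc/modprobe.d.
set -u

# Print "install", "blacklist", "both" or "none" for MODULE under CONF_DIR.
module_disable_state() {
    mod=$1
    conf_dir=$2
    have_install=0
    have_blacklist=0
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        # Strip trailing comments, then match the two directives exactly.
        if sed 's/#.*//' "$f" | grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+(/bin/true|/bin/false)[[:space:]]*$"; then
            have_install=1
        fi
        if sed 's/#.*//' "$f" | grep -Eq "^[[:space:]]*blacklist[[:space:]]+$mod[[:space:]]*$"; then
            have_blacklist=1
        fi
    done
    case "$have_install$have_blacklist" in
        11) echo both ;;
        10) echo install ;;
        01) echo blacklist ;;
        *)  echo none ;;
    esac
}

# Return 0 if an explicit "modprobe MODULE" would still load it, 1 if not.
# A bare "blacklist" only blocks alias-based autoload, so it counts as loadable.
module_loadable() {
    state=$(module_disable_state "$1" "$2")
    case "$state" in
        install|both) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed fixture standing in for /etc/modprobe.d (example data only).
make_fixture() {
    d=$(mktemp -d)
    printf '# CIS: disable uncommon network protocols\ninstall dccp /bin/true\nblacklist dccp\n' > "$d/cis.conf"
    printf 'blacklist sctp   # only blocks autoload, modprobe sctp still works\n' > "$d/sctp-partial.conf"
    printf 'install tipc /bin/false\n' > "$d/tipc.conf"
    echo "$d"
}

# Walk the modules a hardening baseline usually cares about and report each.
demo() {
    d=$(make_fixture)
    for m in dccp sctp tipc rds; do
        printf '%-5s %-9s loadable=%s\n' "$m" "$(module_disable_state "$m" "$d")" \
            "$(module_loadable "$m" "$d" && echo yes || echo no)"
    done
    rm -rf "$d"
}

demo
```

Two caveats when running this against a live node rather than the fixture: `modprobe --ignore-install` bypasses install lines, and a module that is already loaded or built into the kernel is unaffected by either directive, so pair the file audit with `lsmod` (or /sys/module) before concluding that SCTP is actually unavailable. On a managed image the DaemonSet mentioned in the comment is also the natural place to run such a check and report the result per node.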
-
Works also for Windows 10, although upgrading to Windows 11 would be recommended from a security standpoint: https://github.com/beerisgood/Windows11_Hardening
-
Project mention: My org will soon be using Ansible, because of me | reddit.com/r/sysadmin | 2022-07-18
I have been using this to start the AMI baseline https://github.com/ansible-lockdown/RHEL7-STIG
Hardening related posts
- Ansible for automation/ hardening.
- Windows 10 / Mobile Security Hardening
- Online game network security
- Ask HN: How do you secure your home server?
- Any idea as to how major CEXs generate, store and use keys and seed phrases?
- Privacy and security baseline for personal Windows 10 and Windows 11
- Hardening Best Practices: Materials for Windows 10/11
Index
What are some of the best open-source Hardening projects? This list will help you:
# | Project | Stars
---|---|---
1 | How-To-Secure-A-Linux-Server | 12,534
2 | lynis | 9,910
3 | prowler | 6,397
4 | ansible-collection-hardening | 2,837
5 | bunkerweb | 2,597
6 | hardentools | 2,289
7 | content | 1,630
8 | windows_hardening | 1,315
9 | mongoaudit | 1,252
10 | lunasec | 1,132
11 | hardening | 936
12 | terraform-aws-secure-baseline | 910
13 | grapheneX | 763
14 | hardened_malloc | 751
15 | snuffleupagus | 601
16 | JShielder | 590
17 | RHEL7-CIS | 429
18 | cis-docker-benchmark | 402
19 | aws-gate | 383
20 | HardeningKitty | 293
21 | ansible-role-hardening | 291
22 | Windows11_Hardening | 280
23 | RHEL7-STIG | 270