Skip to content

A collection of awesome security hardening guides, tools and other resources

Notifications You must be signed in to change notification settings

cpt-kernel/awesome-security-hardening

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 

Repository files navigation

awesome-security-hardening

Awesome

A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources. This is work in progress: please contribute by sending your suggestions. You may do this by creating issue tickets or forking, editing and sending pull requests. You may also send suggestions on Twitter to @decalage2, or use https://www.decalage.info/contact


Table of Contents


Security Hardening Guides and Best Practices

Hardening Guide Collections

GNU/Linux

Red Hat Enterprise Linux - RHEL

CentOS

SUSE

Ubuntu

Windows

See also Active Directory and ADFS below.

macOS

Network Devices

Switches

Routers

IPv6

  • ERNW - Developing an Enterprise IPv6 Security Strategy Part 1, Part 2, Part 3, Part 4 - Network Isolation on the Routing Layer, Traffic Filtering in IPv6 Networks
  • see also IPv6 links under GNU/Linux, Windows and macOS

Firewalls

Virtualization - VMware

Containers - Docker

Services

SSH

TLS/SSL

Web Servers

Apache HTTP Server

Apache Tomcat

Eclipse Jetty

Microsoft IIS

Mail Servers

FTP Servers

Database Servers

Active Directory

ADFS

Kerberos

LDAP

DNS

NTP

NFS

CUPS

Authentication - Passwords

Hardware - CPU - BIOS - UEFI

Cloud

Tools

Tools to check security hardening

  • Chef InSpec - open-source testing framework by Chef that enables you to specify compliance, security, and other policy requirements. can run on Windows and many Linux distributions.

GNU/Linux

Windows

  • HardeningAuditor - Scripts for comparing Microsoft Windows compliance with the Australian ASD 1709 & Office 2016 Hardening Guides

Network Devices

  • Nipper-ng - to check the configuration of network devices (does not seem to be updated)

TLS/SSL

SSH

  • ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Hardware - CPU - BIOS - UEFI

Docker

  • Docker Bench for Security - script that checks for dozens of common best-practices around deploying Docker containers in production, inspired by the CIS Docker Community Edition Benchmark v1.1.0.

Cloud

Tools to apply security hardening

GNU/Linux

Windows

  • Hardentools - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.
  • Windows 10 Hardening - A collective resource of settings modifications (mostly opt-outs) that attempt to make Windows 10 as private and as secure as possible.
  • Windows 10 Initial Setup Script - PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
  • Automated-AD-Setup - A PowerShell script that aims to have a fully configured domain built in under 10 minutes, but also apply security configuration and hardening

TLS/SSL

Cloud

Password Generators

Books

Other Awesome Lists

(borrowed from Awesome Security)

Other Awesome Security Lists

About

A collection of awesome security hardening guides, tools and other resources

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published