Security Hardening

How-to-Secure-A-Linux-Server

A comprehensive, evolving guide to hardening a Linux server with practical steps and security best practices.

DockerSlimGo

SlimToolkit minifies and secures container images by up to 30x without requiring changes to your Dockerfile or workflow.

wsargent

A comprehensive cheat sheet for Docker commands, best practices, and security tips.

lynisShell

A security auditing and hardening tool for UNIX-based systems, performing in-depth scans and compliance testing.

ProwlerPython

An open-source cloud security platform that automates security and compliance assessments across AWS, Azure, GCP, and other cloud providers.

prowlerPython

An open-source cloud security platform that automates security and compliance assessments across AWS, Azure, GCP, and other cloud providers.

Nginx HTTP server boilerplate configs

A collection of Nginx configuration files to improve server performance, security, and resource delivery.

BubblewrapC

A low-level unprivileged sandboxing tool for Linux that creates container-like environments without requiring root privileges.

Awesome Security Hardening

A curated collection of security hardening guides, best practices, checklists, benchmarks, and tools for various systems and services.

ansible-os-hardeningJinja

An Ansible collection providing battle-tested security hardening for Linux, SSH, nginx, and MySQL.

c2rustRust

A transpiler that migrates C99-compliant code to unsafe Rust, preserving functionality and enabling incremental refactoring.

NsJailC++

A lightweight Linux process isolation tool using namespaces, cgroups, rlimits, and seccomp-bpf syscall filters for enhanced security.

Secure HeadersRuby

A Ruby gem for automatically applying security headers with safe defaults to protect web applications from common vulnerabilities.

HardenToolsGo

A Windows security tool that reduces the attack surface by disabling risky features in Windows, Office, Adobe Reader, and LibreOffice.

Linux auditd Detection RulesetShell

A production-ready auditd configuration for Linux security monitoring that works out-of-the-box across major distributions.

PlumHoundPython

A BloodHoundAD report engine that transforms Neo4J graph queries into actionable security reports for blue and purple teams.

BaneGo

A custom AppArmor profile generator for Docker containers that simplifies security configuration.

baneGo

A custom AppArmor profile generator for Docker containers that simplifies container security.

terraform-aws-secure-baselineHCL

A Terraform module to configure AWS accounts with a secure baseline aligned to CIS AWS Foundations and AWS Foundational Security Best Practices.

Harden Runner GitHub ActionTypeScript

A CI/CD security agent that monitors GitHub Actions runners for threats like network egress, file integrity, and process activity.

strongholdPython

A command-line tool to securely configure macOS security and privacy settings with a single command.

StrongholdPython

A command-line tool to securely configure macOS security and privacy settings with a single command.

AntivmdetectPython

A script that generates VirtualBox templates to harden Windows VMs against malware detection.

Applied-Crypto-HardeningTeX

A practical guide to configuring secure online communication and services using cryptography best practices.

PESecurityPowerShell

PowerShell module to check Windows binaries for security features like ASLR, DEP, SafeSEH, and Authenticode.

nix-bitcoinNix

A collection of Nix packages and NixOS modules for securely deploying full-featured Bitcoin and Lightning nodes.

Nginx common configuration - Universal config and snippetsDockerfile

A collection of production-ready Nginx configuration snippets, templates, and best practices for common web server setups.

CIS Docker BenchmarkRuby

An InSpec compliance profile that automates security testing for Docker daemon and containers against CIS benchmarks.

quick-secureShell

A script to quickly harden UNIX/Linux system permissions and ownership for security compliance and standardization.

Awesome Kubernetes (K8s) Threat Detection

A curated list of resources for detecting threats and defending Kubernetes systems.

rails-template(ackama)Ruby

A Rails application template preloaded with best practices for TDD, security, deployment, and developer productivity.

oci-seccomp-bpf-hookGo

An OCI hook that traces container syscalls using eBPF to generate tailored seccomp security profiles.

Artillery

An open-source blue team tool that protects Linux and Windows operating systems through multiple security methods.

ansible-relayorHTML

An Ansible role that automates the deployment and management of Tor relays with security features like offline master keys and Prometheus monitoring.

OpenSCAPShell

Tools for vulnerability scanning and compliance auditing of Docker containers and images using OpenSCAP.

ScarusC++

An OCI-compatible container engine designed specifically for running Linux containers on High Performance Computing (HPC) environments.