awesome-security-hardening/README.md

# awesome-security-hardening

[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A collection of awesome security hardening guides, tools and other resources.
This is work in progress: please contribute by forking, editing and sending pull requests.

------

# Security Hardening Guides

## Hardening Guide Collections

- [CIS Benchmarks](https://learn.cisecurity.org/benchmarks) (registration required)
- [ANSSI Best Practices](https://www.ssi.gouv.fr/en/best-practices/)
- [NSA Security Configuration Guidance](https://apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/index.cfm?PAGE=1&itemsQty=ALL)
- [DISA Security Technical Implementation Guides (STIGs)](https://iase.disa.mil/stigs/Pages/index.aspx)
- [Australian Cyber Security Center Publications](https://www.cyber.gov.au/publications)
- [FIRST Best Practice Guide Library (BPGL)](https://www.first.org/resources/guides/)

## GNU/Linux

- [ANSSI - Configuration recommendations of a GNU/Linux system](https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/)
- [nixCraft - 40 Linux Server Hardening Security Tips (2019 edition)](https://www.cyberciti.biz/tips/linux-security.html)

### Red Hat Enterprise Linux - RHEL

- [A Guide to Securing Red Hat Enterprise Linux 7](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/security_guide/index)

### SUSE

- [SUSE Linux Enterprise Server 12 SP4 Security Guide](https://www.suse.com/documentation/sles-12/singlehtml/book_security/book_security.html)
- [SUSE Linux Enterprise Server 12 Security and Hardening Guide](https://www.suse.com/documentation/sles-12/book_hardening/data/book_hardening.html)

### Ubuntu


## Windows

## macOS

## Network Devices

## Virtualization - VMware

- [VMware Security Hardening Guides](https://www.vmware.com/security/hardening-guides.html)

## Services

### SSH

- [NIST IR 7966 - Security of Interactive and Automated Access Management Using Secure Shell (SSH)](https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.7966.pdf)
- [ANSSI - (Open)SSH secure use recommendations](https://www.ssi.gouv.fr/en/guide/openssh-secure-use-recommendations/)
- [Linux Audit - OpenSSH security and hardening](https://linux-audit.com/audit-and-harden-your-ssh-configuration/)
- [Positron Security SSH Hardening Guides](https://www.sshaudit.com/hardening_guides.html) - focused on crypto algorithms

### Web Servers

### Mail Servers

### FTP Servers

### Database Servers

### LDAP

## Authentication - Passwords

- [UK NCSC - Password administration for system owners](https://www.ncsc.gov.uk/collection/passwords)
- [NIST SP 800-63 Digital Identity Guidelines](https://pages.nist.gov/800-63-3/)

# Tools

## Tools to check security hardening

- [Lynis](https://cisofy.com/lynis/)

## Tools to apply security hardening

- [Bastille Linux](http://bastille-linux.sourceforge.net/) - outdated
- [Hardentools](https://github.com/securitywithoutborders/hardentools) - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.

# Books
Initial commit 2019-04-29 08:13:07 -04:00			`# awesome-security-hardening`
first batch of links 2019-04-29 08:46:42 -04:00
			`[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)`

			`A collection of awesome security hardening guides, tools and other resources.`
			`This is work in progress: please contribute by forking, editing and sending pull requests.`

			`------`

			`# Security Hardening Guides`

			`## Hardening Guide Collections`

			`- [CIS Benchmarks](https://learn.cisecurity.org/benchmarks) (registration required)`
			`- [ANSSI Best Practices](https://www.ssi.gouv.fr/en/best-practices/)`
			`- [NSA Security Configuration Guidance](https://apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/index.cfm?PAGE=1&itemsQty=ALL)`
			`- [DISA Security Technical Implementation Guides (STIGs)](https://iase.disa.mil/stigs/Pages/index.aspx)`
			`- [Australian Cyber Security Center Publications](https://www.cyber.gov.au/publications)`
			`- [FIRST Best Practice Guide Library (BPGL)](https://www.first.org/resources/guides/)`

			`## GNU/Linux`

			`- [ANSSI - Configuration recommendations of a GNU/Linux system](https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/)`
			`- [nixCraft - 40 Linux Server Hardening Security Tips (2019 edition)](https://www.cyberciti.biz/tips/linux-security.html)`

			`### Red Hat Enterprise Linux - RHEL`

			`- [A Guide to Securing Red Hat Enterprise Linux 7](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/security_guide/index)`

			`### SUSE`

			`- [SUSE Linux Enterprise Server 12 SP4 Security Guide](https://www.suse.com/documentation/sles-12/singlehtml/book_security/book_security.html)`
added SUSE hardening guide 2019-04-30 02:33:33 -04:00			`- [SUSE Linux Enterprise Server 12 Security and Hardening Guide](https://www.suse.com/documentation/sles-12/book_hardening/data/book_hardening.html)`
first batch of links 2019-04-29 08:46:42 -04:00
			`### Ubuntu`


			`## Windows`

			`## macOS`

			`## Network Devices`

			`## Virtualization - VMware`

			`- [VMware Security Hardening Guides](https://www.vmware.com/security/hardening-guides.html)`

			`## Services`

			`### SSH`

			`- [NIST IR 7966 - Security of Interactive and Automated Access Management Using Secure Shell (SSH)](https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.7966.pdf)`
			`- [ANSSI - (Open)SSH secure use recommendations](https://www.ssi.gouv.fr/en/guide/openssh-secure-use-recommendations/)`
			`- [Linux Audit - OpenSSH security and hardening](https://linux-audit.com/audit-and-harden-your-ssh-configuration/)`
added Positron Security SSH guide 2019-04-30 02:37:43 -04:00			`- [Positron Security SSH Hardening Guides](https://www.sshaudit.com/hardening_guides.html) - focused on crypto algorithms`
first batch of links 2019-04-29 08:46:42 -04:00
			`### Web Servers`

			`### Mail Servers`

			`### FTP Servers`

			`### Database Servers`

			`### LDAP`

added authentication section 2019-04-29 09:27:22 -04:00			`## Authentication - Passwords`

			`- [UK NCSC - Password administration for system owners](https://www.ncsc.gov.uk/collection/passwords)`
			`- [NIST SP 800-63 Digital Identity Guidelines](https://pages.nist.gov/800-63-3/)`

first batch of links 2019-04-29 08:46:42 -04:00			`# Tools`

			`## Tools to check security hardening`

			`- [Lynis](https://cisofy.com/lynis/)`

			`## Tools to apply security hardening`

added Bastille, Hardentools 2019-04-29 09:01:42 -04:00			`- [Bastille Linux](http://bastille-linux.sourceforge.net/) - outdated`
			`- [Hardentools](https://github.com/securitywithoutborders/hardentools) - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.`

first batch of links 2019-04-29 08:46:42 -04:00			`# Books`