2019-04-29 08:13:07 -04:00
# awesome-security-hardening
2019-04-29 08:46:42 -04:00
[![Awesome ](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg )](https://github.com/sindresorhus/awesome)
A collection of awesome security hardening guides, tools and other resources.
This is work in progress: please contribute by forking, editing and sending pull requests.
------
# Security Hardening Guides
## Hardening Guide Collections
- [CIS Benchmarks ](https://learn.cisecurity.org/benchmarks ) (registration required)
- [ANSSI Best Practices ](https://www.ssi.gouv.fr/en/best-practices/ )
- [NSA Security Configuration Guidance ](https://apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/index.cfm?PAGE=1&itemsQty=ALL )
2019-05-01 02:35:50 -04:00
- [NSA Cybersecurity Resources for Cybersecurity Professionals ](https://www.nsa.gov/what-we-do/cybersecurity/ ) and [NSA Cybersecurity publications ](https://nsacyber.github.io/publications.html )
2019-04-30 04:00:08 -04:00
- [US DoD DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) ](https://iase.disa.mil/stigs/Pages/index.aspx )
2019-04-29 08:46:42 -04:00
- [Australian Cyber Security Center Publications ](https://www.cyber.gov.au/publications )
- [FIRST Best Practice Guide Library (BPGL) ](https://www.first.org/resources/guides/ )
## GNU/Linux
- [ANSSI - Configuration recommendations of a GNU/Linux system ](https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/ )
- [nixCraft - 40 Linux Server Hardening Security Tips (2019 edition) ](https://www.cyberciti.biz/tips/linux-security.html )
2019-04-30 02:48:12 -04:00
- [nixCraft - Tips To Protect Linux Servers Physical Console Access ](https://www.cyberciti.biz/tips/tips-to-protect-linux-servers-physical-console-access.html )
2019-04-29 08:46:42 -04:00
### Red Hat Enterprise Linux - RHEL
- [A Guide to Securing Red Hat Enterprise Linux 7 ](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/security_guide/index )
2019-04-30 02:40:39 -04:00
- [DISA STIGs RHEL ](https://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx )
2019-04-30 02:46:01 -04:00
- [nixCraft - How to set up a firewall using FirewallD on RHEL 8 ](https://www.cyberciti.biz/faq/configure-set-up-a-firewall-using-firewalld-on-rhel-8/ )
2019-04-29 08:46:42 -04:00
### SUSE
- [SUSE Linux Enterprise Server 12 SP4 Security Guide ](https://www.suse.com/documentation/sles-12/singlehtml/book_security/book_security.html )
2019-04-30 02:33:33 -04:00
- [SUSE Linux Enterprise Server 12 Security and Hardening Guide ](https://www.suse.com/documentation/sles-12/book_hardening/data/book_hardening.html )
2019-04-29 08:46:42 -04:00
### Ubuntu
## Windows
2019-05-01 02:27:47 -04:00
- [Awesome Windows Domain Hardening ](https://github.com/PaulSec/awesome-windows-domain-hardening )
2019-04-29 08:46:42 -04:00
## macOS
## Network Devices
2019-04-30 02:52:27 -04:00
- [NSA Harden Network Devices ](https://apps.nsa.gov/iaarchive/library/ia-guidance/security-tips/harden-network-devices.cfm ) - very short but good summary
2019-04-30 04:00:08 -04:00
- [DISA Layer 2 Switch SRG ](http://iasecontent.disa.mil/stigs/zip/U_Layer_2_Switch_V1R3_SRG.zip )
2019-04-30 02:52:27 -04:00
2019-04-29 08:46:42 -04:00
## Virtualization - VMware
- [VMware Security Hardening Guides ](https://www.vmware.com/security/hardening-guides.html )
## Services
### SSH
- [NIST IR 7966 - Security of Interactive and Automated Access Management Using Secure Shell (SSH) ](https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.7966.pdf )
- [ANSSI - (Open)SSH secure use recommendations ](https://www.ssi.gouv.fr/en/guide/openssh-secure-use-recommendations/ )
- [Linux Audit - OpenSSH security and hardening ](https://linux-audit.com/audit-and-harden-your-ssh-configuration/ )
2019-04-30 02:37:43 -04:00
- [Positron Security SSH Hardening Guides ](https://www.sshaudit.com/hardening_guides.html ) - focused on crypto algorithms
2019-04-29 08:46:42 -04:00
### Web Servers
### Mail Servers
### FTP Servers
### Database Servers
### LDAP
2019-04-30 03:11:42 -04:00
- [OpenLDAP Security Considerations ](http://www.openldap.org/doc/admin24/security.html )
2019-04-30 03:18:08 -04:00
- [Best Practices in LDAP Security ](https://www.skills-1st.co.uk/papers/ldap-best-2011/best-practices-in-ldap-security.pdf ) (2011)
2019-04-30 03:21:32 -04:00
- [LDAP: Hardening Server Security (so administrators can sleep at night) ](https://ff1959.wordpress.com/2013/07/31/ldap-hardening-server-security-so-administrators-can-sleep-at-night/ )
2019-04-30 03:11:42 -04:00
2019-04-30 02:56:14 -04:00
### DNS
- [NSA BIND 9 DNS Security ](https://apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/applications/bind-9-dns-security.cfm ) (2011)
2019-04-29 09:27:22 -04:00
## Authentication - Passwords
- [UK NCSC - Password administration for system owners ](https://www.ncsc.gov.uk/collection/passwords )
- [NIST SP 800-63 Digital Identity Guidelines ](https://pages.nist.gov/800-63-3/ )
2019-04-29 08:46:42 -04:00
# Tools
## Tools to check security hardening
- [Lynis ](https://cisofy.com/lynis/ )
## Tools to apply security hardening
2019-04-29 09:01:42 -04:00
- [Bastille Linux ](http://bastille-linux.sourceforge.net/ ) - outdated
- [Hardentools ](https://github.com/securitywithoutborders/hardentools ) - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.
2019-04-29 08:46:42 -04:00
# Books