mirror of
https://github.com/decalage2/awesome-security-hardening.git
synced 2024-10-01 03:35:35 -04:00
6.8 KiB
6.8 KiB
awesome-security-hardening
A collection of awesome security hardening guides, tools and other resources. This is work in progress: please contribute by forking, editing and sending pull requests.
Security Hardening Guides
Hardening Guide Collections
- CIS Benchmarks (registration required)
- ANSSI Best Practices
- NSA Security Configuration Guidance
- NSA Cybersecurity Resources for Cybersecurity Professionals and NSA Cybersecurity publications
- US DoD DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- Australian Cyber Security Center Publications
- FIRST Best Practice Guide Library (BPGL)
GNU/Linux
- ANSSI - Configuration recommendations of a GNU/Linux system
- nixCraft - 40 Linux Server Hardening Security Tips (2019 edition)
- nixCraft - Tips To Protect Linux Servers Physical Console Access
Red Hat Enterprise Linux - RHEL
- A Guide to Securing Red Hat Enterprise Linux 7
- DISA STIGs RHEL
- nixCraft - How to set up a firewall using FirewallD on RHEL 8
SUSE
- SUSE Linux Enterprise Server 12 SP4 Security Guide
- SUSE Linux Enterprise Server 12 Security and Hardening Guide
Ubuntu
Windows
macOS
Network Devices
- NSA - Harden Network Devices - very short but good summary
Switches
Routers
Virtualization - VMware
Services
SSH
- NIST IR 7966 - Security of Interactive and Automated Access Management Using Secure Shell (SSH)
- ANSSI - (Open)SSH secure use recommendations
- Linux Audit - OpenSSH security and hardening
- Positron Security SSH Hardening Guides - focused on crypto algorithms
TLS/SSL
- NIST SP800-52 Rev 1 - Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (2014)
- ANSSI - Security Recommendations for TLS
- Qualys SSL Labs - SSL and TLS Deployment Best Practices
Web Servers
Mail Servers
FTP Servers
Database Servers
LDAP
- OpenLDAP Security Considerations
- Best Practices in LDAP Security (2011)
- LDAP: Hardening Server Security (so administrators can sleep at night)
- LDAP Authentication Best Practices - retrieved from web.archive.org
- Hardening OpenLDAP on Linux with AppArmor and systemd - slides
- zytrax LDAP for Rocket Scientists - LDAP Security
- How To Encrypt OpenLDAP Connections Using STARTTLS
DNS
- NSA BIND 9 DNS Security (2011)
Authentication - Passwords
Hardware - BIOS - UEFI
- NSA Info Sheet: UEFI Lockdown Quick Guidance (March 2018)
- NSA Tech Report: UEFI Defensive Practices Guidance (July 2017)
Cloud
Tools
Tools to check security hardening
- Lynis - script to check the configuration of Linux hosts
- Nipper-ng - to check the configuration of network devices (does not seem to be updated)
Tools to apply security hardening
- Bastille Linux - outdated
- Hardentools - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.