awesome-security-hardening

A collection of awesome security hardening guides, tools and other resources. This is work in progress: please contribute by forking, editing and sending pull requests.

---

Security Hardening Guides

Hardening Guide Collections

• CIS Benchmarks (registration required)
• ANSSI Best Practices
• NSA Security Configuration Guidance
• DISA Security Technical Implementation Guides (STIGs)
• Australian Cyber Security Center Publications
• FIRST Best Practice Guide Library (BPGL)

GNU/Linux

• ANSSI - Configuration recommendations of a GNU/Linux system
• nixCraft - 40 Linux Server Hardening Security Tips (2019 edition)

Red Hat Enterprise Linux - RHEL

• A Guide to Securing Red Hat Enterprise Linux 7
• DISA STIGs RHEL

SUSE

• SUSE Linux Enterprise Server 12 SP4 Security Guide
• SUSE Linux Enterprise Server 12 Security and Hardening Guide

Ubuntu

Windows

macOS

Network Devices

Virtualization - VMware

• VMware Security Hardening Guides

Services

SSH

• NIST IR 7966 - Security of Interactive and Automated Access Management Using Secure Shell (SSH)
• ANSSI - (Open)SSH secure use recommendations
• Linux Audit - OpenSSH security and hardening
• Positron Security SSH Hardening Guides - focused on crypto algorithms

Web Servers

Mail Servers

FTP Servers

Database Servers

LDAP

Authentication - Passwords

• UK NCSC - Password administration for system owners
• NIST SP 800-63 Digital Identity Guidelines

Tools

Tools to check security hardening

• Lynis

Tools to apply security hardening

• Bastille Linux - outdated
• Hardentools - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.

Books