mirror of
https://github.com/decalage2/awesome-security-hardening.git
synced 2024-10-01 03:35:35 -04:00
# awesome-security-hardening

[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A collection of awesome security hardening guides, tools and other resources.
This is work in progress: please contribute by forking, editing and sending pull requests.

------

# Security Hardening Guides

## Hardening Guide Collections

- [CIS Benchmarks](https://learn.cisecurity.org/benchmarks) (registration required)
- [ANSSI Best Practices](https://www.ssi.gouv.fr/en/best-practices/)
- [NSA Security Configuration Guidance](https://apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/index.cfm?PAGE=1&itemsQty=ALL)
- [DISA Security Technical Implementation Guides (STIGs)](https://iase.disa.mil/stigs/Pages/index.aspx)
- [Australian Cyber Security Center Publications](https://www.cyber.gov.au/publications)
- [FIRST Best Practice Guide Library (BPGL)](https://www.first.org/resources/guides/)

## GNU/Linux

- [ANSSI - Configuration recommendations of a GNU/Linux system](https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/)
- [nixCraft - 40 Linux Server Hardening Security Tips (2019 edition)](https://www.cyberciti.biz/tips/linux-security.html)
- [nixCraft - Tips To Protect Linux Servers Physical Console Access](https://www.cyberciti.biz/tips/tips-to-protect-linux-servers-physical-console-access.html)

### Red Hat Enterprise Linux - RHEL

- [A Guide to Securing Red Hat Enterprise Linux 7](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/security_guide/index)
- [DISA STIGs RHEL](https://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx)
- [nixCraft - How to set up a firewall using FirewallD on RHEL 8](https://www.cyberciti.biz/faq/configure-set-up-a-firewall-using-firewalld-on-rhel-8/)

### SUSE

- [SUSE Linux Enterprise Server 12 SP4 Security Guide](https://www.suse.com/documentation/sles-12/singlehtml/book_security/book_security.html)
- [SUSE Linux Enterprise Server 12 Security and Hardening Guide](https://www.suse.com/documentation/sles-12/book_hardening/data/book_hardening.html)

### Ubuntu

## Windows

## macOS

## Network Devices

## Virtualization - VMware

- [VMware Security Hardening Guides](https://www.vmware.com/security/hardening-guides.html)

## Services

### SSH

- [NIST IR 7966 - Security of Interactive and Automated Access Management Using Secure Shell (SSH)](https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.7966.pdf)
- [ANSSI - (Open)SSH secure use recommendations](https://www.ssi.gouv.fr/en/guide/openssh-secure-use-recommendations/)
- [Linux Audit - OpenSSH security and hardening](https://linux-audit.com/audit-and-harden-your-ssh-configuration/)
- [Positron Security SSH Hardening Guides](https://www.sshaudit.com/hardening_guides.html) - focused on crypto algorithms

### Web Servers

### Mail Servers

### FTP Servers

### Database Servers

### LDAP

## Authentication - Passwords

- [UK NCSC - Password administration for system owners](https://www.ncsc.gov.uk/collection/passwords)
- [NIST SP 800-63 Digital Identity Guidelines](https://pages.nist.gov/800-63-3/)

# Tools

## Tools to check security hardening

- [Lynis](https://cisofy.com/lynis/)

## Tools to apply security hardening

- [Bastille Linux](http://bastille-linux.sourceforge.net/) - outdated
- [Hardentools](https://github.com/securitywithoutborders/hardentools) - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.

# Books