GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → marshyski → Quick Secure

marshyski / Quick Secure

Licence: gpl-3.0
Quickly secure UNIX/Linux systems

Programming Languages

shell
77523 projects

Labels

dockerlinuxsecuritysecurity-hardening

Projects that are alternatives of or similar to Quick Secure

ad-privileged-audit
Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-88.92%)
Mutual labels:  security-hardening
SIPTorch
A "SIP Torture" (RFC 4475) testing suite.
Stars: ✭ 54 (-85.75%)
Mutual labels:  security-hardening
Wazuh Ruleset
Wazuh - Ruleset
Stars: ✭ 305 (-19.53%)
Mutual labels:  security-hardening
WhiteBeam
WhiteBeam: Transparent endpoint security
Stars: ✭ 74 (-80.47%)
Mutual labels:  security-hardening
wazuh-cloudformation
Wazuh - Amazon AWS Cloudformation
Stars: ✭ 32 (-91.56%)
Mutual labels:  security-hardening
UBUNTU18-CIS
CIS Baseline Ansible Role for Ubuntu 18
Stars: ✭ 20 (-94.72%)
Mutual labels:  security-hardening
matrix
mirror of https://mypdns.org/my-privacy-dns/matrix as it is obviously no longer safe to do Girhub nor have we no longer any trust in them. See https://mypdns.org/my-privacy-dns/porn-records/-/issues/1347
Stars: ✭ 32 (-91.56%)
Mutual labels:  security-hardening
Rhel7 Cis
Ansible role for Red Hat 7 CIS Baseline
Stars: ✭ 337 (-11.08%)
Mutual labels:  security-hardening
terraform-aws-secure-vpc
A terraform module to create a VPC with secure default configurations.
Stars: ✭ 13 (-96.57%)
Mutual labels:  security-hardening
Serialkiller
Look-Ahead Java Deserialization Library
Stars: ✭ 277 (-26.91%)
Mutual labels:  security-hardening
Windows11 Hardening
My Windows 11 x64 security hardening guide
Stars: ✭ 267 (-29.55%)
Mutual labels:  security-hardening
awesome-rails-security
A curated list of security resources for a Ruby on Rails application
Stars: ✭ 36 (-90.5%)
Mutual labels:  security-hardening
Electriceye
Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.
Stars: ✭ 255 (-32.72%)
Mutual labels:  security-hardening
MacOS-Security-Baseline
Baseline Security Configuration For MacOS
Stars: ✭ 61 (-83.91%)
Mutual labels:  security-hardening
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1103.43%)
Mutual labels:  security-hardening
Update-AllUsersQA
Update-AllUsersQA is a PowerShell script used to change or disable the security questions and answers for local users in a Windows 10 machine.
Stars: ✭ 21 (-94.46%)
Mutual labels:  security-hardening
wazuh-puppet
Wazuh - Puppet module
Stars: ✭ 25 (-93.4%)
Mutual labels:  security-hardening
Go Safeweb
Secure-by-default HTTP servers in Go.
Stars: ✭ 366 (-3.43%)
Mutual labels:  security-hardening
Thgtoa
The Hitchhiker’s Guide to Online Anonymity
Stars: ✭ 326 (-13.98%)
Mutual labels:  security-hardening
Krane
Kubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-32.98%)
Mutual labels:  security-hardening
View All Similar Projects ➔

Quick NIX Secure Script

Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice.

Why use this?

Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.

Use before or after app deploymentz. I don't set umasks, so everything should work regardless ^_^

Industry Compliance

This is influenced from DISA STIGs, ODAA, NSA and NIST/FIPs. This does not enforce towards those baselines, but helps minimize CAT I-III findings.

Requirements

  • RHEL 5-6, Fedora 17-20, Ubuntu 10-13, Solaris 9-10 and OpenSolaris
  • root or equivalent
  • basic /bin /sbin /usr/bin executables

Installation

(Easiest method to get going)

curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash quick-secure

(Alternative)

git clone https://github.com/marshyski/quick-secure.git
chmod 0700 ./quick-secure/quick-secure

Securing Docker Containers

(Easiest method)

RUN cd / && curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash /quick-secure -f

(Alternative method)

ADD quick-secure /quick-secure
RUN bash /quick-secure -f

Usage

-c argument reviews what's commented out in quick-secure.

./quick-secure/quick-secure -c

-u argument reviews what's being applied to your current system.

./quick-secure/quick-secure -u

-f argument forces settings without being prompt with "are you sure" question.

./quick-secure/quick-secure -f

Run quick-secure for the first time: ./quick-secure/quick-secure in CLI.

Setup quick-secure to run every sunday at 11PM via root's cron:

00 23 * * 0 /root/quick-secure/quick-secure -f

Help & Feedback

You can email ([email protected]) me directly if you need help, submit an issue or pull request. Fork it.

Looking for better hardening for Ubuntu so pull request quick-secure.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].