
DenizParlak / Zephyrus

Licence: MIT license
Auditing & Hardening script for Kubernetes

Programming Languages

shell

Projects that are alternatives of or similar to Zephyrus

Chef Ssh Hardening
This chef cookbook provides secure ssh-client and ssh-server configurations.
Stars: ✭ 144 (+220%)
Mutual labels:  hardening
Ansible Nginx Hardening
This Ansible role provides secure nginx configurations.
Stars: ✭ 180 (+300%)
Mutual labels:  hardening
cis benchmarks audit
Simple command line tool to check for compliance against CIS Benchmarks
Stars: ✭ 182 (+304.44%)
Mutual labels:  hardening
Windows hardening
Windows Hardening settings and configurations
Stars: ✭ 148 (+228.89%)
Mutual labels:  hardening
Bunkerized Nginx
🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+5146.67%)
Mutual labels:  hardening
Ansible Role Hardening
Ansible role to apply a security baseline. Systemd edition.
Stars: ✭ 188 (+317.78%)
Mutual labels:  hardening
Ansible Mysql Hardening
This Ansible role provides security configuration for MySQL.
Stars: ✭ 132 (+193.33%)
Mutual labels:  hardening
sigil
AWS SSM Session manager client
Stars: ✭ 67 (+48.89%)
Mutual labels:  hardening
Ansible Collection Hardening
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
Stars: ✭ 2,543 (+5551.11%)
Mutual labels:  hardening
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+17780%)
Mutual labels:  hardening
Hardentheworld
Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
Stars: ✭ 158 (+251.11%)
Mutual labels:  hardening
Systemd Service Hardening
Basic guide to harden systemd services
Stars: ✭ 165 (+266.67%)
Mutual labels:  hardening
Ssh Baseline
DevSec SSH Baseline - InSpec Profile
Stars: ✭ 192 (+326.67%)
Mutual labels:  hardening
How To Secure A Linux Server
An evolving how-to guide for securing a Linux server.
Stars: ✭ 11,939 (+26431.11%)
Mutual labels:  hardening
chef-apache-hardening
dev-sec.io/
Stars: ✭ 24 (-46.67%)
Mutual labels:  hardening
Hardentools
Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
Stars: ✭ 2,100 (+4566.67%)
Mutual labels:  hardening
Blue Team
Blue Team Scripts
Stars: ✭ 190 (+322.22%)
Mutual labels:  hardening
chef-postgres-hardening
This chef cookbook provides security configuration for PostgreSQL.
Stars: ✭ 26 (-42.22%)
Mutual labels:  hardening
metabadger
Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Stars: ✭ 123 (+173.33%)
Mutual labels:  hardening
Puppet Os Hardening
This puppet module provides numerous security-related configurations, providing all-round base protection.
Stars: ✭ 234 (+420%)
Mutual labels:  hardening

Zephyrus

Auditing & Hardening Tool for Kubernetes

Zephyrus is being developed for system and application administrators, security specialists, auditors and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Kubernetes.

Zephyrus provides a complete hardening solution and helps establish a secure configuration posture for Kubernetes.

Master Node Security Configuration

  • 1.1.1 Ensure that the --allow-privileged argument is set to false
  • 1.1.2 Ensure that the --anonymous-auth argument is set to false
  • 1.1.3 Ensure that the --basic-auth-file argument is not set
  • 1.1.4 Ensure that the --insecure-allow-any-token argument is not set
  • 1.1.5 Ensure that the --kubelet-https argument is set to true
  • 1.1.6 Ensure that the --insecure-bind-address argument is not set
  • 1.1.7 Ensure that the --insecure-port argument is set to 0
  • 1.1.8 Ensure that the --secure-port argument is not set to 0
  • 1.1.9 Ensure that the --profiling argument is set to false
  • 1.1.10 Ensure that the --repair-malformed-updates argument is set to false
  • 1.1.11 Ensure that the admission control policy is not set to AlwaysAdmit
  • 1.1.12 Ensure that the admission control policy is set to AlwaysPullImages
  • 1.1.13 Ensure that the admission control policy is set to DenyEscalatingExec
  • 1.1.14 Ensure that the admission control policy is set to SecurityContextDeny
  • 1.1.15 Ensure that the admission control policy is set to NamespaceLifecycle
  • 1.1.16 Ensure that the --audit-log-path argument is set as appropriate
  • 1.1.17 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate
  • 1.1.18 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate
  • 1.1.19 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate
  • 1.1.20 Ensure that the --authorization-mode argument is not set to AlwaysAllow
  • 1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriate
  • 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate
  • 1.1.23 Ensure that the --service-account-lookup argument is set to true
  • 1.1.24 Ensure that the admission control policy is set to PodSecurityPolicy
  • 1.1.25 Ensure that the --service-account-key-file argument is set as appropriate
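
How a few of these checks can be evaluated against a kube-apiserver command line, as an added example that is not Zephyrus's own code. The command line is a constructed sample, the function names are hypothetical, and the admission control list is assumed to come from the older `--admission-control` flag.

```bash
# Added example, not Zephyrus code: audit a kube-apiserver command line
# against some of the master-node checks listed above.
# Constructed sample (assumes --flag=value form and no spaces inside values).
SAMPLE='kube-apiserver --allow-privileged=true --anonymous-auth=false --basic-auth-file=/etc/kubernetes/basic.csv --insecure-port=0 --admission-control=NamespaceLifecycle,AlwaysPullImages --authorization-mode=Node,RBAC'

# flag_value CMDLINE FLAG: print the value of --FLAG=...; return 1 when absent.
# Exact-name match, so "secure-port" never matches "--insecure-port".
flag_value() {
  local arg
  for arg in $1; do
    case "$arg" in "--$2="*) printf '%s\n' "${arg#*=}"; return 0 ;; esac
  done
  return 1
}

# in_list CSV ITEM: succeed only when ITEM is a whole element of the comma list.
in_list() { case ",$1," in *",$2,"*) return 0 ;; esac; return 1; }

# check CMDLINE ID FLAG MODE [WANT]: print one PASS/FAIL line for a single check.
check() {
  local val result=FAIL
  if val=$(flag_value "$1" "$3"); then
    case "$4" in              # mode "unset" matches nothing here: flag is present
      equals)   if [ "$val" = "$5" ]; then result=PASS; fi ;;
      includes) if in_list "$val" "$5"; then result=PASS; fi ;;
      excludes) if ! in_list "$val" "$5"; then result=PASS; fi ;;
    esac
    val="=$val"
  else
    # Flag absent: "equals"/"includes" fail because the checks say "is set to".
    case "$4" in unset|excludes) result=PASS ;; esac
    val=" (not set)"
  fi
  echo "$result $2 --$3$val"
}

# audit CMDLINE: run a subset of the page's checks, one result line per check.
audit() {
  check "$1" 1.1.1  allow-privileged   equals false
  check "$1" 1.1.2  anonymous-auth     equals false
  check "$1" 1.1.3  basic-auth-file    unset
  check "$1" 1.1.7  insecure-port      equals 0
  check "$1" 1.1.12 admission-control  includes AlwaysPullImages
  check "$1" 1.1.14 admission-control  includes SecurityContextDeny
  check "$1" 1.1.20 authorization-mode excludes AlwaysAllow
}

audit "$SAMPLE"
```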

ChangeLog

2/9/2017 - Added 20 audit modules for master node.

12/4/2018 - Added 5 audit modules for master node. UX changed.

Requirements

Zephyrus is written as a bash script and currently works only on Linux.

Make sure that the Kubernetes package is installed on the system and kube-apiserver service is running.

Usage

git clone https://github.com/DenizParlak/Zephyrus.git && cd Zephyrus && chmod +x Zephyrus.sh && ./Zephyrus.sh
