A collection of tools and documentation to help with hardening Windows- and Linux-based operating systems.
Platform | CIS script | Custom scripts |
---|---|---|
Windows 11 | ✔️ | ❌ |
Windows 10 | ✔️ | ✔️ |
Windows Server 2019 | ✔️ | ✔️ |
Windows Server 2016 | ✔️ | ✔️ |
Ubuntu 21 | ❌ | ❌ |
Ubuntu 20 | ✔️ | ✔️ |
Ubuntu 18 | ✔️ | ✔️ |
Ubuntu 16 | ✔️ | ✔️ |
Debian 11 | ❌ | ❌ |
Debian 10 | ✔️ | ✔️ |
Debian 9 | ✔️ | ✔️ |
Debian 8 | ✔️ | ✔️ |
Linux
- Fix line endings with
apt install dos2unix -y && shopt -s globstar && dos2unix ./**/*.sh
- Run the appropriate file in the release folder with root privileges.
Windows
- Run the appropriate file in the release folder with administrator privileges.
[one, two]
is a pattern that includes both one
and two
folders for the remaining content.
For example, hello/[one, two]/three
can be expanded to hello/one/three
and hello/two/three
.
Folder | Source | Description |
---|---|---|
docs/cis |
Center for Internet Security | A collection of CIS benchmarks |
release |
Not sure what to run? Just run the file for your operating system in here | |
linux/cis/debian |
OVH | CIS-compliant script for Debian 8 to 10 |
linux/cis/debian9 |
florianutz | CIS-compliant script for Debian 9 |
linux/cis/[ubu16, ubu18, ubu20] |
florianutz | CIS-compliant scripts for Ubuntu 16 to 20 |
[linux, windows]/diff |
Matteo Polak | Returns a list of all files that are not present in a vanilla installation of an operating system |
[linux, windows]/files |
Matteo Polak | Finds suspiscious file extensions and writes them to a file |
windows/cis |
NVISO Security | CIS-compliant scripts for Windows 10 and Windows Server 2016 to 2019 |
windows/security |
A collection of scripts to audit permissions and other content | |
linux/security |
A collection of scripts to audit permissions and other content |
Operating System | Link | Description |
---|---|---|
Windows 10 | https://github.com/0x6d69636b/windows_hardening | Windows 10 hardening script written in PowerShell |
Windows | https://github.com/CISecurity/TOOLKIT | Hardening scripts for older versions of Windows-based operating systems |
Windows | https://github.com/Sneakysecdoggo/Wynis | Hardening scripts for Office365 and system auditing |
Windows Server 2016 | https://github.com/MightyCrizo/cis-microsoft-windows-server-2016-benchmark-powershell | Hardening scripts for Windows Server 2016 |
Ubuntu 20.04 | https://github.com/alivx/CIS-Ubuntu-20.04-Ansible | Hardening script made with Ansible (not complete) |
Ubuntu 18.04 | https://github.com/cloudogu/CIS-Ubuntu-18.04 | Hardening script for Ubuntu 18.04 |
Ubuntu 18.04 and 20.04 | https://github.com/kenneth-karlsson/Cisecurity | Hardening scripts for Ubuntu 18.04 and Ubuntu 20.04 |
Ubuntu 16.04 | https://github.com/radsec/Ubuntu1604-CIS | Hardening scripts for Ubuntu 16.04 |
Debian 10 | https://github.com/dbernaci/CIS-Debian10-Ansible | Hardening script written in Ansible for Debian 10 |
Debian 7 and 9 | https://github.com/tuxtter/hardening | Hardening script for Debian 7 and Debian 9 |
Linux | https://github.com/nozaq/amazon-linux-cis | Hardening script for Amazon Linux |