Skip to content
@dev-sec

DevSec Hardening Framework

Security + DevOps: Automatic Server Hardening
README.md

DevSec Hardening Framework

banner

Challenge

Running secure infrastructure is a difficult task. Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration. If you manage many server, they need to be configured properly and maintained, which is difficult and time-consuming to get right. To answer these needs for security, compliance, and maintainability, we decided to launch this project as a common ground for requirements and their fulfillment.

Vision / Goal

Our goal is simple: Create a common layer for operating system and services hardening. Even if you aren’t knee-deep in configuration manuals for services or the latest security recommendations, you will be able to implement and use this framework with ease.

Pinned

  1. ansible-collection-hardening Public

    This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

    Jinja 3.3k 659

  2. chef-os-hardening Public

    This chef cookbook provides numerous security-related configurations, providing all-round base protection.

    Ruby 426 135

  3. puppet-os-hardening Public

    This puppet module provides numerous security-related configurations, providing all-round base protection.

    Puppet 260 103

  4. linux-baseline Public

    DevSec Linux Baseline - InSpec Profile

    Ruby 731 176

  5. cis-docker-benchmark Public

    CIS Docker Benchmark - InSpec Profile

    Ruby 455 110

  6. cis-kubernetes-benchmark Public

    CIS Kubernetes Benchmark - InSpec Profile

    Ruby 285 75

Repositories

View all repositories