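awesome-security-hardening
A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources. This is a work in progress: please contribute by sending your suggestions. You can do this by creating issue tickets, or by forking, editing and sending pull requests. You can also send suggestions on Twitter to @decalage2, or use https://www.decalage.info/contact
Table of Contents
Security Hardening Guides and Best Practices
Hardening Guide Collections
GNU/Linux
Red Hat Enterprise Linux - RHEL
CentOS
SUSE
Ubuntu
Windows
See also Active Directory and ADFS below.
macOS
Network Devices
Switches
Routers
IPv6
Firewalls
Virtualization - VMware
Containers - Docker
Services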
断续器
TLS/SSL
Web Servers
Apache HTTP Server
Apache Tomcat
Eclipse Jetty
Microsoft IIS
Mail Servers
FTP Servers
Database Servers
Active Directory
ADFS
Kerberos
断续器
DNS
断续器
断续器
CUPS
Authentication - Passwords
Hardware - CPU - BIOS - UEFI
- ANSSI - Hardware security requirements for x86 platforms - recommendations for security features and configuration options applying to hardware devices (CPU, BIOS, UEFI, etc) (Nov 2019)
- NSA - Hardware and Firmware Security Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance.
  - NSA Info Sheet: UEFI Lockdown Quick Guidance (March 2018)
  - NSA Tech Report: UEFI Defensive Practices Guidance (July 2017)
Cloud
Tools
Tools to check security hardening
- Chef InSpec - open-source testing framework by Chef that enables you to specify compliance, security, and other policy requirements. Can run on Windows and many Linux distributions.
GNU/Linux
- Lynis - script to check the configuration of Linux hosts
- OpenSCAP Base - oscap command line tool
- SCAP Workbench - GUI for oscap
- Tiger - The Unix security audit and intrusion detection tool (might be outdated)
- otseca - Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
- SUDO_KILLER - A tool to identify sudo rules' misconfigurations and vulnerabilities within sudo
- CIS Benchmarks Audit - bash script which performs tests against your CentOS system to give an indication of whether the running server may comply with the CIS v2.2.0 Benchmarks for CentOS (only CentOS 7 for now)
Windows
- Microsoft Security Compliance Toolkit 1.0 - set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products
- Microsoft DSC Environment Analyzer (DSCEA) - simple implementation of PowerShell Desired State Configuration that uses the declarative nature of DSC to scan Windows OS based systems in an environment against a defined reference MOF file and generate compliance reports as to whether systems match the desired configuration
- HardeningAuditor - Scripts for comparing Microsoft Windows compliance with the Australian ASD 1709 & Office 2016 Hardening Guides
- PingCastle - Tool to check the security of Active Directory
Network Devices
- Nipper-ng - to check the configuration of network devices (does not seem to be updated)
TLS/SSL
SSH
- ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
硬件 - CPU - BIOS - UEFI
Docker
- Docker Bench for Security - script that checks for dozens of common best-practices around deploying Docker containers in production, inspired by the CIS Docker Community Edition Benchmark v1.1.0.
Cloud
Tools to apply security hardening
GNU/Linux
Windows
- Microsoft Security Compliance Toolkit 1.0 - set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products
- Hardentools - for Windows individual users (not corporate environments) at risk, who might want an extra level of security at the price of some usability.
- Windows 10 Hardening - A collective resource of settings modifications (mostly opt-outs) that attempt to make Windows 10 as private and as secure as possible.
- Disassembler0 Windows 10 Initial Setup Script - PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
- Automated-AD-Setup - A PowerShell script that aims to have a fully configured domain built in under 10 minutes, but also apply security configuration and hardening
- mackwage/windows_hardening.cmd - Script to perform some hardening of Windows 10
TLS/SSL
Cloud
Password Generators
Books
Other Awesome Lists
Other Awesome Security Lists
(borrowed from Awesome Security)
- Awesome Security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
- Android Security Awesome - A collection of android security related resources.
- Awesome CTF - A curated list of CTF frameworks, libraries, resources and software.
- Awesome Cyber Skills - A curated list of hacking environments where you can train your cyber skills legally and safely.
- Awesome Hacking - A curated list of awesome Hacking tutorials, tools and resources.
- Awesome Honeypots - An awesome list of honeypot resources.
- Awesome Malware Analysis - A curated list of awesome malware analysis tools and resources.
- Awesome PCAP Tools - A collection of tools developed by other researchers in the Computer Science area to process network traces.
- Awesome Pentest - A collection of awesome penetration testing resources, tools and other shiny things.
- Awesome Linux Containers - A curated list of awesome Linux Containers frameworks, libraries and software.
- Awesome Incident Response - A curated list of resources for incident response.
- Awesome Web Hacking - This list is for anyone wishing to learn about web application security but do not have a starting point.
- Awesome Threat Intelligence - A curated list of threat intelligence resources.
- Awesome Pentest Cheat Sheets - Collection of the cheat sheets useful for pentesting
- Awesome Industrial Control System Security - A curated list of resources related to Industrial Control System (ICS) security.
- Awesome YARA - A curated list of awesome YARA rules, tools, and people.
- Awesome Threat Detection and Hunting - A curated list of awesome threat detection and hunting resources.
- Awesome Container Security - A curated list of awesome resources related to container building and runtime security
- Awesome Crypto Papers - A curated list of cryptography papers, articles, tutorials and howtos.