Created
June 5, 2014 14:56
-
-
Save philcryer/90e6ec16098549c9f910 to your computer and use it in GitHub Desktop.
Ideas for future server hardening script (witty name TBA)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) read about some great chef recipes that auto hardened ssh and the OS for you... | |
| https://github.com/TelekomLabs/chef-ssh-hardening | |
| https://github.com/TelekomLabs?query=hardening | |
| 2) these were influenced by some of these links | |
| https://wiki.archlinux.org/index.php/Sysctl | |
| http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdfhttps://github.com/TelekomLabs/chef-os-hardening | |
| https://wiki.ubuntu.com/Security/Features | |
| 3) then I found another post, this about hardening at the base install | |
| http://konstruktoid.net/2014/04/25/creating-a-baseline-ubuntu-14-04-server/ | |
| and then later | |
| http://konstruktoid.net/2014/04/29/hardening-the-ubuntu-14-04-server-even-further/ | |
| 4) while it's cool ppl are rolling this into chef/puppet, I want a single script I can curl -o /tmp/script|sh - and run on any system to get the hardening setup automagically. Chef/puppet could call that script to do the dirty work still, but this way tons more servers could get locked down *considerable* more. | |
| 5) witty script name TBA | |
| 6) then new repo/script created/testing/release |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment