I hope you're all having a wonderful Christmas! Does anyone here happen to have thoughts on *nix hardening scripts? I'm looking to code in a universal shell (/bin/sh), but I am considering installing a shell (bash, zsch, tcsh) in addition to hardening. I would like to know what others think about hardening scripts or about shell preference.

@synture i found this really useful when i needed a starting point for golden images: . Not sure if you're in a position where (semi)immutable infra is in scope, but using this along with packer ( was really useful for me.

What's your target machine?

@maxg I am looking for support with *nix oses, with a preference on Debian. Thank you both for the help @jerry.

@synture here's the dev-sec baseline (controls tested with inspec, and conformance via chef, puppet, or ansible)

How are you looking to deploy your hardening scripts?

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.