Follow

I hope you're all having a wonderful Christmas! Does anyone here happen to have thoughts on *nix hardening scripts? I'm looking to code in a universal shell (/bin/sh), but I am considering installing a shell (bash, zsch, tcsh) in addition to hardening. I would like to know what others think about hardening scripts or about shell preference.

@synture i found this really useful when i needed a starting point for golden images: dev-sec.io/ . Not sure if you're in a position where (semi)immutable infra is in scope, but using this along with packer (packer.io/intro/index.html) was really useful for me.

What's your target machine?

@maxg I am looking for support with *nix oses, with a preference on Debian. Thank you both for the help @jerry.

@synture here's the dev-sec baseline (controls tested with inspec, and conformance via chef, puppet, or ansible) dev-sec.io/baselines/linux/

How are you looking to deploy your hardening scripts?

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.