Search Results for "hardening"
Sort By:
Showing 44 open source projects for "hardening"
View related business solutions-
Cut Cloud Costs with Google Compute EngineSave on compute costs with Compute Engine. Reduce your batch jobs and workload bill 60-91% with Spot VMs. Compute Engine's committed use offers customers up to 70% savings through sustained use discounts. Plus, you get one free e2-micro VM monthly and $300 credit to start.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
DevSec Hardening
This Ansible collection provides battle tested hardening
Hardening adds a layer into your automation framework, that configures your operating systems and services. It takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. Running secure infrastructure is a difficult task. Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration. -
2
lynis
Security auditing tool for Linux, macOS, and UNIX-based system
Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software with the GPL license and available since 2007. Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g. PCI, HIPAA, SOx), penetration testing, vulnerability detection, and system hardening. ... -
3
Prowler
An open source security tool to perform AWS security assessment
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening, and incident response. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others. +200 checks covering security best practices across all AWS regions and most AWS services. ... -
4
Self Hosting Guide
Learn all about locally hosting (on premises & private web servers)
...It covers conceptual guidance on why self-hosting can be advantageous (e.g., privacy, control, cost savings) as well as detailed, actionable instructions on setting up popular services such as web servers, media servers, home automation stacks, VPNs, backups, and monitoring tools. Throughout the guide, best practices for hardening, maintenance, and uptime are emphasized, helping users avoid common pitfalls and adopt resilient architectures. Rather than being a single tutorial, it aggregates a wide range of resources, project recommendations, deployment strategies, and platform comparisons to help people make informed decisions about what to self-host and how to do it responsibly. -
Easily Host LLMs and Web Apps on Cloud RunRun frontend and backend services, batch jobs, host LLMs, and queue processing workloads without the need to manage infrastructure. Cloud Run gives you on-demand GPU access for hosting LLMs and running real-time AI—with 5-second cold starts and automatic scale-to-zero so you only pay for actual usage. New customers get $300 in free credit to start.
-
5
System Hardening Benchmark
System Hardening Compliance Auditor
This tool simulates a security compliance audit, checking system configurations against a defined benchmark (e.g., DISA STIG or CIS). -
6
Ansible for DevOps
Ansible for DevOps examples
...Rather than being theoretical, the examples span real-world infrastructure setups: multi-server orchestration, LAMP stacks, Docker deployments, Kubernetes cluster spins, rolling updates, and security hardening. You can clone the repo and play with actual scenarios using Vagrant, VirtualBox, or cloud hosts, making it ideal for both learning and reference in production readiness. The code is structured by chapter/topic, so you can pick a scenario (for example “nodejs deployment” or “ELK stack”) and dive into a fully featured Ansible solution rather than starting from scratch. ... -
7
NGINX Admin’s Handbook
How to improve NGINX performance, security, and other important things
...It distills years of research, notes, and field experience into a single handbook that complements the official docs with concrete rules, explanations, and curated external references. The handbook spans fundamentals and advanced topics alike, from HTTP and SSL/TLS basics to reverse proxy patterns, performance tuning, debugging workflows, and hardening strategies. A centerpiece is its prioritized checklist of 79 rules, grouped by criticality, helping readers focus on what most impacts security, reliability, and speed. Instead of copy-paste snippets in isolation, it emphasizes understanding trade-offs, avoiding common pitfalls, and balancing security with usability. Designed for system administrators and web application engineers, it aims to be a living companion that encourages experimentation, measurement, and continuous improvement of NGINX configurations -
8
WordPress
Just a mirror of the WordPress subversion repository
...Its maturity means a vast ecosystem of third-party integrations—SEO tools, forms, e-commerce, analytics—are available and battle-tested. Internally, WordPress handles routing, query parsing, template resolution, caching, and security hardening so developers can focus on content and user experience rather than infrastructure plumbing. -
9
StackRox Kubernetes
Performs a risk analysis of the container environment
The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment. StackRox integrates with every stage of the container lifecycle: build, deploy and runtime. The StackRox Kubernetes Security platform is built on the foundation of the product formerly known as Prevent, which itself was called Mitigate and Apollo. You may find references to these previous names in code or documentation. -
Build AI Apps with Gemini 3 on Vertex AIVertex AI gives developers access to Gemini 3—Google’s most advanced reasoning and coding model—plus 200+ foundation models including Claude, Llama, and Gemma. Build generative AI apps with Vertex AI Studio, customize with fine-tuning, and deploy to production with enterprise-grade MLOps. New customers get $300 in free credits.
-
10
Open Source API Firewall by Wallarm
Fast and light-weight API proxy firewall for request and response
API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is designed to protect REST API endpoints in cloud-native environments. API Firewall provides API hardening with the use of a positive security model allowing calls that match a predefined API specification for requests and responses, while rejecting everything else. -
11
Containerization (Apple)
Containerization is a Swift package for running Linux containers
...It walks through the responsibilities of an image format, registry, and runtime, and shows how a minimal runtime can assemble an isolated process with the right filesystem view, environment, and entrypoint. The samples highlight security hardening considerations—such as process isolation, filesystem scoping, and least-privilege execution—so that containers are not just portable, but safer by default. Developers get a blueprint for taking standard container images and running them in a way that respects platform conventions, tooling, and policies. The emphasis is on clarity and standards alignment rather than building a production-grade engine, which makes the code ideal for learning and experimentation. -
12
GitHub Actions for Firebase
GitHub Action for interacting with Firebase
This Action for firebase-tools enables arbitrary actions with the firebase command-line client. Starting with version v2.1.2 each version release will point to a versioned docker image allowing for hardening our pipeline (so things don't break when I do something dump). On top of this, you can also point to a master version if you would like to test out what might not be deployed into a release yet. If you want to add a message to a deployment (e.g. the Git commit message) you need to take extra care and escape the quotes or the YAML breaks. ... -
13
Personal Security Checklist
A compiled checklist of 300+ tips for protecting digital security
Personal Security Checklist is a comprehensive, plain-language checklist for improving personal digital security and privacy across devices, accounts, and everyday workflows. It’s organized so that complete beginners can make quick, high-impact changes, while advanced users can dig into deeper hardening steps. The guidance spans topics like passwords, 2FA, device encryption, browser hygiene, network safety, backups, and incident response planning. Each section breaks recommendations into actionable, bite-sized items with brief explanations, helping you understand the “why” as well as the “how.” The repository is continuously refined by a large community, which keeps the content practical, vendor-neutral, and up to date with evolving threats and best practices. ... -
14
verl
Volcano Engine Reinforcement Learning for LLMs
...Data pipelines treat human feedback, simulated environments, and synthetic preferences as interchangeable sources, which helps with rapid experimentation. VERL is meant for both research and production hardening: logging, checkpointing, and evaluation suites are built in so you can track learning dynamics and regressions over time. -
15
Rebuff
LLM Prompt Injection Detector
A self-hardening prompt injection detector. Rebuff is designed to protect AI applications from prompt injection (PI) attacks through a multi-layered defense. Rebuff is still a prototype and cannot provide 100% protection against prompt injection attacks. Add canary tokens to prompts to detect leakages, allowing the framework to store embeddings about the incoming prompt in the vector database and prevent future attacks. -
16
Hardened Slarpx
Experimental hardened Linux based on Xennytsu and Poison engine
...Xennytsu activates if an attacker gains a shell or attempts memory manipulation, detecting such activity within approximately 250 milliseconds and immediately terminating the offending process. Beyond passive hardening, Slarpx focuses on active intervention, sabotage, and destruction of attack paths when necessary. -
17
Cyrethium
Cyrethium GNU/Linux Debian Based Privacy and Security Focused OS
...It provides strong protection against browser attacks with custom hardened Firefox variants. The distribution hosts a wide range of tools designed from scratch for Cyrethium and includes multi-layered hardening against cyber attacks. There are 4 different versions available: 2 core and 2 respins. More Info : https://cyrethium.org -
18
antiS
A Chinese-localized Privacy-enhanced Linux Distro
A Chinese-localized, Privacy-enhanced, anti-Surveillance and Censorship variant of AlienBob's Liveslak, aiming to provide all-in-one and easy-to-use system that protects user's privacy in one stop. - Please check the Github repo's README for updated technical details: https://github.com/mdrights/LiveSlak -
19
pic-standard
Local protocol for safe agentic AI. Intent + impact + verifiable
PIC (Provenance & Intent Contracts) serves as an action firewall for agentic AI. Lightweight, it adds machine-verifiable contracts to agent calls and actions and it is particularly efective at shielding the agent from propmpt-injection. Before any high-impact tool call, the agent must submit an Action Proposal (schema + verifier): - explicit intent - impact classification (read / write / money / irreversible / privacy / etc.) - provenance sources with trust levels (untrusted →... -
20
PakOS
A resonably secure operating system from Pakistan
PakOS accepted on DistroWatch as 1st and Only Pakistani Linux Distro https://distrowatch.com/table.php?distribution=pakos PakOS Webiste at https://axitechnologies.ai/pak-os-linux/ Alternate Download Links on GitLab for Pakistani Users: https://gitlab.com/pakos-iso-archives/pakos-12-end-of-10/-/package_files/233060048/download All thanks to Hashir Asad, https://pk.linkedin.com/in/hashir-asad PakOS Review by... -
21
PQS
Petoron Quantum Standard (PQS)
...PQS v1.2 is a minimalistic, self-contained encryption engine for secure file protection, with zero reliance on external cryptographic libraries. PBKDF2-HMAC-SHA256 (200k iterations, adjustable) for password hardening. Key separation via BLAKE2s - independent keys for encryption and MAC. BLAKE2s-MAC authentication - 16-byte tag, any modification = instant rejection. Streaming keystream generator - secure, large-scale XOR without key reuse. Fake padding (HEAD/TAIL) - obfuscates binary boundaries and payload structure. Precise size encoding - restores original payload exactly. ... -
22
Pus
Computer speedup and hardening and debloating script
⭐ About Pus Pus is a tool developed by me. (PusPC) I also created some more tools. Pus is a computer speedup and hardening and debloating script. ⭐ Give it a review Give it a try if you care about your privacy and computer speed. Please give it a review so i can know what to add/fix. ⭐ Github Github link: https://github.com/PusPC/Pus -
23
Windows-Optimize-Harden-Debloat-GUI
C# Based GUI for Windows-Optimize-Harden-Debloat
-
24
BlackBuntu Linux
BlackBuntu Linux
BlackBuntu is born from the passion and spirit of 2 specialists. Let’s cut the bullshit, this distribution is a GNU/Linux distribution based on Ubuntu and designed with Pentest, Security and Development in mind for the best experience. With advanced accessibility tools and options to change language, colour scheme and text size, Blackbuntu makes computing easy – whoever and wherever you are. BlackBuntu is a fully open source project, anyone can see what is inside. The building source code... -
25
𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝘃𝗲 𝘀𝗶𝘀𝘁𝗲𝗺 / 𝘇𝗲𝗿𝗼𝗱𝗮𝘆 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 _ Contains advanced security within the kernel, denying use of user memory not allowing user identification / This security allows to stop ransomware attacks _ ! Remove memory / wipe user-space and kernel after system shutdown * Browse anonymously without leaving a trace / tor / privoxy > Sign all operating system and boot verification . Integrity Measurement Architecture _ Subsystem is responsible for calculating the hashes of files...
