]> _ Git - hardening-scripts.git/log
projects / hardening-scripts.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
hardening-scripts.git
13 months agoall: separate script into modules
commit | commitdiff | tree
mivirl [Tue, 25 Jun 2024 01:59:03 +0000 (20:59 -0500)]
all: separate script into modules

Separated the sections of the script into individual modules to make it
easier to choose which to run.

13 months agohide-hardware: remove hide-hardware.sh
commit | commitdiff | tree
mivirl [Tue, 25 Jun 2024 01:54:19 +0000 (20:54 -0500)]
hide-hardware: remove hide-hardware.sh

The script may provide some additional privacy, but it's outside the
scope of a hardening script that's intended for competitions where the
red team doesn't need to be particularly subtle. There isn't much point
in including it.

14 months agosandbox: Improve systemd template overrides
commit | commitdiff | tree
mivirl [Sun, 26 May 2024 05:05:45 +0000 (00:05 -0500)]
sandbox: Improve systemd template overrides

Improved templates to make breakage less likely and rely less on
newer systemd features to provide security. Tested with v239 as the
earliest version, but should still work with earlier versions as well.

Exposure levels from `systemd-analyze security` on v252 (scale is
from 0-10 with lower being more secure)
- nginx: 2.3 OK
- apache2: 2.2 OK

15 months agoInitial commit
commit | commitdiff | tree
mivirl [Wed, 22 May 2024 16:31:01 +0000 (11:31 -0500)]
Initial commit

Blue team scripts for hardening machines