GitHub
github.com › insidious-security › server-hardening
GitHub - insidious-security/server-hardening: Linux server hardening
# Git clone this repository: $ git clone https://github.com/insidious-security/server-hardening.git # Install python dependency: $ pip3 install requests # Run the code: python3 harden.py
Author insidious-security
Readthedocs
iri-playbook.readthedocs.io › en › feat-docker › securityhardening.html
Security Hardening — Python documentation
Security Hardening · Edit on GitHub · In the following chapter some advice and tutorials on how to secure your Linux system. It includes disabling SSH root access, switching SSH port, creating SSH keys and more. On most servers, password authentication is allowed by default making the server ...
linux - How can you security-harden a Python program? - Stack Overflow
What is best way to restrict/sandbox a Python program? How can I restrict a Python program to only be able to access one website and print to stdout? I am using pyseccomp to restrict the list of sy... More on stackoverflow.com
Python security hardening - Information Security Stack Exchange
I’m working for a large organization which is using some Windows products that require python to work. Python is used to execute built in utility scripts and the user never recognizes that python... More on security.stackexchange.com
Linux Hardening Script Recommendations
Ansible.
It looks like that script is trying to do configuration management. So why not use a configuration management tool to do so? (ansible, puppet, cfengine, etc.)
You should separate the "what configurations need to be made to secure/harden a system" and "what tool will I use to implement it".
More on reddit.com 27
81
July 22, 2020What does a secure Python installation look like?
Virtual environments. Plus malware isint made in Python rarely because of the fact having to rely on the user to have Python to begin with. The packages having malware is different story. Though that’s a risk with everything. More on reddit.com
11
2
April 20, 2025Videos
GitHub
github.com › grapheneX › grapheneX
GitHub - grapheneX/grapheneX: Automated System Hardening Framework · GitHub
• grapheneX currently supports Python 3.10 · Execute the grapheneX with the -w or --web argument in order to start the web server.
Starred by 1K users
Forked by 91 users
Languages Python 63.8% | HTML 21.9% | JavaScript 13.2% | Dockerfile 1.1%
GitHub
github.com › topics › security-hardening
security-hardening · GitHub Topics · GitHub
application application-security web-security security-vulnerability security-hardening appsec vulnerability-scanners security-scanner security-tools web-security-research security-testing endpoint-security mobilesecurity mdm-server developer-security security-advisory ... UDP port knocking suite with HMAC-PSK authentication. security networking network security-hardening stealth post-quantum-cryptography port-knocker firewall-management post-quantum port-knock ... Want to see how something like Internet Chemotherapy works without bricking your own vms? This is a jail to reduce the python runtime from doing bad things on the host when running untrusted code.
GitHub
github.com › topics › hardening
hardening · GitHub Topics · GitHub
python cis tool audit python3 python-3 ... cis-linux-benchmark cis-debian-benchmark cis-ubuntu-benchmark ... BAT is a tool to help everyone to securing their web-servers....
GitHub
github.com › topics › server-hardening
server-hardening · GitHub Topics · GitHub
Linux server hardening · python ... · Python · Star 1 · Comprehensive POSIX shell server hardening toolkit with automatic rollback, SSH safety, and Ansible automation for Debian-based systems ·...
GitHub
github.com › decalage2 › awesome-security-hardening
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources · GitHub
CryptoLyzer - Fast, flexible and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI.
Starred by 6.3K users
Forked by 646 users
GitHub
github.com › topics › linux-hardening
linux-hardening · GitHub Topics · GitHub
python3 linux-hardening windows-hardening · Updated · Jun 6, 2021 · Python · Star 0 · Linux server hardening · python linux hardening linux-hardening server-hardening · Updated · Feb 12, 2023 · Python · Add a description, image, and links to the linux-hardening topic page so that developers can more easily learn about it.
GitHub
github.com › konstruktoid › hardening
GitHub - konstruktoid/hardening: Hardening Ubuntu. Systemd edition. · GitHub
See https://help.ubuntu.com/co... net-tools procps --no-install-recommends. Download the script: git clone https://github.com/konstruktoid/hardening.git....
Starred by 1.7K users
Forked by 390 users
Languages Shell 99.5% | Dockerfile 0.5%
GitHub
github.com › Jsitech › JShielder
GitHub - Jsitech/JShielder: Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
v2.2.1 Removed suhosing installation on Ubuntu 16.04, Fixed MySQL Configuration, GRUB Bootloader Setup function, Server IP now obtain via ip route to not rely on interface naming · v2.2 Added new Hardening option following CIS Benchmark Guidance
Starred by 787 users
Forked by 245 users
Languages PHP 70.5% | Shell 26.8% | C 1.1% | Roff 0.8% | CSS 0.5% | Perl 0.2% | PHP 70.5% | Shell 26.8% | C 1.1% | Roff 0.8% | CSS 0.5% | Perl 0.2%
Top answer 1 of 2
3
You could turn your python scripts into windows executables using py2exe. That way it would be treated the same way you restrict other system binary. Be aware that it is possible to reverse-engineer by "uncompiling" it, showing the script functions and all. But as your question in only about enforcing execution authorization, i think that it will fulfill your need.
2 of 2
2
How about the use of PyPy with its sandboxing mode?
I'm afraid I'm not that familiar so I'm uncertain that it would be fully secure but certainly worth a look.
As far as I can see, your only options are:
- PyPy sandboxing
- A Python to executable compiler
- Giving users a Virtual Machine which allows Python
- Using a PC sandboxing solution to isolate Python and the file system.
GitHub
github.com › pratiktri › server_init_harden
GitHub - pratiktri/server_init_harden: POSIX shell script automating Linux/FreeBSD server security hardening.
curl -L -o harden.sh https://sot.li/hardensh cat harden.sh # review content chmod +x harden.sh # Harden server: SSH hardening, Fail2ban, Firewalld/pf ./harden.sh # Create new privileged (sudo) user & harden server ./harden.sh -u jay # Create new privileged user, reset root password & harden server ./harden.sh -r -u jay
Starred by 108 users
Forked by 21 users
Languages Shell 100.0% | Shell 100.0%
GitHub
gist.github.com › lrobert › 6816181
Ubuntu Base Server Configuration/Hardening Script · GitHub
Ubuntu Base Server Configuration/Hardening Script. GitHub Gist: instantly share code, notes, and snippets.
GeeksforGeeks
geeksforgeeks.org › python › python-system-hardening-and-compliance-reports-using-lynis
Python | System hardening and compliance reports using Lynis - GeeksforGeeks
November 8, 2021 - #!/bin/bash # script to scrape/parse the report file and # extract the relevant details and run the # python script to display the details in a server. echo "running......" echo "" sudo ./lynis audit system --quick # execute warnings.
GitHub
github.com › topics › cis-benchmarks
Build software better, together
python cis tool audit python3 python-3 hardening score cis-benchmark python38 cis-hardening python3-8 cis-benchmarks cis-center-for-internet-security cis-linux-benchmark cis-debian-benchmark cis-ubuntu-benchmark ... Checks whether a Windows server according to security best practices as defined in the CIS Distribution-Independent Windows Benchmark
SecureCoding
securecoding.com › home › blog › how to automate server hardening
How to Automate Server Hardening - SecureCoding
June 15, 2022 - GrapheneX is an open-source Python-based framework that automatically secures the severs with a different checklist of hardening commands. A significant difference between GrapheneX and other tools is that it’s designed to be used by Linux and Windows developers because of its interface options. Server hardening is an ongoing process and not something you can do once and then leave.
Medium
verlekarsachin.medium.com › automate-your-cis-server-hardening-baseline-documentation-using-python-e59da5ff0a78
Automate Your CIS Server Hardening Baseline Documentation using Python | by Sachin Verlekar | Medium
January 7, 2024 - Automate Your CIS Server Hardening Baseline Documentation using Python As security professionals, we know the importance of server hardening and following industry best practices like CIS benchmarks …
Reddit
reddit.com › r/linuxadmin › linux hardening script recommendations
r/linuxadmin on Reddit: Linux Hardening Script Recommendations
July 22, 2020 -
I am looking for a script that will automate the hardening of a Linux server (looking at Ubuntu distro right now). I happened upon this: https://github.com/Jsitech/JShielder/blob/master/UbuntuServer_18.04LTS/jshielder.sh which looks VERY comprehensive. My only thing with this is that it may be overkill, and possibly even some redundancy exists. Was wondering what everyone uses?
Top answer 1 of 5
59
Ansible.
It looks like that script is trying to do configuration management. So why not use a configuration management tool to do so? (ansible, puppet, cfengine, etc.)
You should separate the "what configurations need to be made to secure/harden a system" and "what tool will I use to implement it".
2 of 5
15
I'm working with RHEL but I use Ansible playbooks to audit and apply DISA STIG settings.
GitHub
github.com › PaulSec › awesome-windows-domain-hardening
GitHub - PaulSec/awesome-windows-domain-hardening: A curated list of awesome Security Hardening techniques for Windows. · GitHub
Empire - PowerShell and Python post-exploitation agent · Mimikatz - Utility to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory but also perform pass-the-hash, pass-the-ticket or build Golden tickets · Tools Cheatsheets - (Beacon, PowerView, PowerUp, Empire, ...) UACME - Defeating Windows User Account Control · Windows System Internals - (Including Sysmon etc.) Hardentools - Collection of simple utilities designed to disable a number of "features" exposed by Windows ·
Starred by 1.8K users
Forked by 273 users