https://github.com/ferderer/security-lab
Hardening playbooks, security configurations, and reference implementations for WSL2, Linux, and application security.
- Host: GitHub
- URL: https://github.com/ferderer/security-lab
- Owner: ferderer
- License: mit
- Created: 2026-04-15T07:07:21.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-04-15T07:23:33.000Z (2 months ago)
- Last Synced: 2026-05-03T11:48:12.936Z (about 2 months ago)
- Topics: ai-agents, ansible, devops, hardening, linux, nftables, security, spring-security, squid, wsl2
- Homepage:
- Size: 4.88 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# security-lab
Practical security hardening — Ansible playbooks, configurations, and reference
implementations. Companion repository to [ferderer.de/blog](https://ferderer.de/blog).
## Contents (planned!)
### Ansible Playbooks
| Playbook | Description |
|---|---|
| `ansible/wsl-setup.yml` | WSL2 base environment setup |
| `ansible/agent-hardening.yml` | AI agent isolation: unprivileged user, bind mount, nftables, Squid |
| `ansible/vps-hardening.yml` | VPS baseline hardening |
### Spring Security
| Module | Description |
|---|---|
| `spring-security/filter-chain-demo` | Spring Security filter chain reference implementation |
## Related Articles
- [Containing the Blast Radius: Hardening WSL2 for AI Coding Agents](https://ferderer.de/blog/tech/ai-agent-wsl2-hardening)
## Usage
```bash
ansible-playbook ansible/agent-hardening.yml --ask-become-pass
```
All sensitive values (usernames, IPs, domains) are parameterized via `group_vars/all.yml`.