Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/marshyski/quick-secure
Quickly secure UNIX/Linux systems
https://github.com/marshyski/quick-secure
docker docker-security linux security security-hardening
Last synced: about 2 months ago
JSON representation
Quickly secure UNIX/Linux systems
- Host: GitHub
- URL: https://github.com/marshyski/quick-secure
- Owner: marshyski
- License: gpl-3.0
- Created: 2013-05-16T06:19:27.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2020-03-09T05:25:19.000Z (over 4 years ago)
- Last Synced: 2024-04-13T05:07:12.373Z (5 months ago)
- Topics: docker, docker-security, linux, security, security-hardening
- Language: Shell
- Homepage:
- Size: 46.9 KB
- Stars: 407
- Watchers: 20
- Forks: 52
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-starred - marshyski/quick-secure - Quickly secure UNIX/Linux systems (security)
README
Quick NIX Secure Script
==============
Quick NIX Secure Script is used to **harden** and **secure** basic permissions and ownership **on the fly**. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice.
Why use this?
--------------
Many times in (**prod**)uction world prior admins harden without **automation** or towards an industry **baseline**. This is to help get to a point of standardization and quickly set or reset basic system security.
Use before or after app deploymentz. I don't set umasks, so everything should work regardless ^_^
Industry Compliance
------------
This is influenced from DISA STIGs, ODAA, NSA and NIST/FIPs. This does not enforce towards those baselines, but helps minimize CAT I-III findings.
Requirements
------------
* RHEL 5-6, Fedora 17-20, Ubuntu 10-13, Solaris 9-10 and OpenSolaris
* root or equivalent
* basic /bin /sbin /usr/bin executables
Installation
------------
(Easiest method to get going)
curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash quick-secure
(Alternative)
git clone https://github.com/marshyski/quick-secure.git
chmod 0700 ./quick-secure/quick-secure
Securing Docker Containers
------------
(Easiest method)
RUN cd / && curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash /quick-secure -f
(Alternative method)
ADD quick-secure /quick-secure
RUN bash /quick-secure -f
Usage
-----
**-c** argument reviews what's commented out in quick-secure.
./quick-secure/quick-secure -c
**-u** argument reviews what's being applied to your current system.
./quick-secure/quick-secure -u
**-f** argument forces settings without being prompt with "are you sure" question.
./quick-secure/quick-secure -f
Run quick-secure for the first time: ``./quick-secure/quick-secure`` in CLI.
Setup quick-secure to run every sunday at 11PM via root's cron:
00 23 * * 0 /root/quick-secure/quick-secure -f
Help & Feedback
---------------
You can email ([email protected]) me directly if you need help, submit an issue or pull request. Fork it.
**Looking for better hardening for Ubuntu so pull request quick-secure.**