DevSec Hardening Framework

Security + DevOps: Automatic Server Hardening

Verified
We've verified that the organizationdev-sec controls the domain:
- dev-sec.io
Learn more about verified organizations

820 followers
https://twitter.com/devsecio
https://dev-sec.io

README.md

DevSec Hardening Framework

Challenge

Running secure infrastructure is a difficult task.Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration.If you manage many server, they need to be configured properly and maintained, which is difficult and time-consuming to get right.To answer these needs for security, compliance, and maintainability, we decided to launch this project as a common ground for requirements and their fulfillment.

Vision / Goal

Our goal is simple: Create a common layer for operating system and services hardening.Even if you aren’t knee-deep in configuration manuals for services or the latest security recommendations, you will be able to implement and use this framework with ease.

PinnedLoading

ansible-collection-hardeningansible-collection-hardeningPublic
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
Jinja 4.4k 757
chef-os-hardeningchef-os-hardeningPublic
This chef cookbook provides numerous security-related configurations, providing all-round base protection.
Ruby 443 134
puppet-os-hardeningpuppet-os-hardeningPublic
This puppet module provides numerous security-related configurations, providing all-round base protection.
Puppet 285 101
linux-baselinelinux-baselinePublic
DevSec Linux Baseline - InSpec Profile
Ruby 805 191
cis-docker-benchmarkcis-docker-benchmarkPublic
CIS Docker Benchmark - InSpec Profile
Ruby 506 116
cis-kubernetes-benchmarkcis-kubernetes-benchmarkPublic
CIS Kubernetes Benchmark - InSpec Profile
Ruby 301 80

Repositories

Showing 10 of 51 repositories

puppet-apache-hardening Public
Apache Web Server Hardening with Puppet
dev-sec/puppet-apache-hardening’s past year of commit activity
HTML 16 10 0 1 UpdatedApr 29, 2025
ansible-collection-hardening Public
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
dev-sec/ansible-collection-hardening’s past year of commit activity
Jinja 4,374Apache-2.0 757 46 (2 issues need help) 13 UpdatedApr 28, 2025
puppet-os-hardening Public
This puppet module provides numerous security-related configurations, providing all-round base protection.
dev-sec/puppet-os-hardening’s past year of commit activity
Puppet 285Apache-2.0 101 13 (1 issue needs help) 5 UpdatedApr 25, 2025
chef-nginx-hardening Public
This chef cookbook provides secure nginx configurations.
dev-sec/chef-nginx-hardening’s past year of commit activity
Ruby 50Apache-2.0 16 3 2 UpdatedApr 23, 2025
hardening Public
DevSec Examples
dev-sec/hardening’s past year of commit activity
Ruby 343Apache-2.0 44 1 4 UpdatedApr 13, 2025
docker-ansible Public
Docker containers that include ansible latest stable 2.x version.
dev-sec/docker-ansible’s past year of commit activity
Dockerfile 26GPL-3.0 16 3 0 UpdatedApr 3, 2025
chef-mysql-hardening Public
This chef cookbook provides security configuration for mysql.
dev-sec/chef-mysql-hardening’s past year of commit activity
Ruby 26Apache-2.0 9 2 2 UpdatedMar 27, 2025
chef-ssh-hardening Public
This chef cookbook provides secure ssh-client and ssh-server configurations.
dev-sec/chef-ssh-hardening’s past year of commit activity
Ruby 162Apache-2.0 71 11 (1 issue needs help) 3 UpdatedMar 27, 2025
chef-apache-hardening Public
dev-sec/chef-apache-hardening’s past year of commit activity
Ruby 25Apache-2.0 10 3 2 UpdatedMar 26, 2025
chef-postgres-hardening Public
This chef cookbook provides security configuration for PostgreSQL.
dev-sec/chef-postgres-hardening’s past year of commit activity
Ruby 27Apache-2.0 10 1 1 UpdatedMar 26, 2025