Collaborate Disseminate
CIS has published a list of container vulnerabilities that should be addressed to complete the hardening process.
Are there separate sets of tools that only point out the vulnerabilities
and then tools that "fix" the vulnerabili… Continue reading Tools for "scanning" container (hardening) vulnerabilities vs tools for "performing" the hardening [closed]
CIS has published hardening standards for all operating systems of EC2 in AWS.
CIS also provides hardened images as well but they’re quite expensive at $130/year/instance.
Is there a place where we can get open source hardening scripts to … Continue reading Where could we get CIS Hardening Scripts for AWS EC2?
linux security and root access question….
I’m setting up a server that has a validator node running on it for a blockchain. I was trying to harden the security of my server. I set up ufw for all ports but those necessary for the node to … Continue reading Disable everything but a hidden command for root access
linux security and root access question….
I’m setting up a server that has a validator node running on it for a blockchain. I was trying to harden the security of my server. I set up ufw for all ports but those necessary for the node to … Continue reading Disable everything but a hidden command for root access
Let’s say you have a important file/folder, and want to only allow certain processes (based on process name, or its corresponding ELF file on the disk, or the digital signature of the corresponding ELF, etc) to read/write to that file. How… Continue reading How to only allow whitelisted processes to access a certain file using SElinux?
What items should be considered to create a browser that prevents all access to stored credentials by a malicious process? Hardware attacks being out of scope.
Are there public projects addressing this?
In an attempt to answer this myself,… Continue reading Is it possible to protect browser credentials from malicious processes?
Does hardening with SECCOMP a binary running inside a Docker container brings extra security? I can find many articles/papers about hardening the container itself but very few things about hardening binaries inside the container.
SECCOMP w… Continue reading SECCOMP inside a docker container adds an extra layer of security?
I’m interested in using GNU/Linux for different reasons. Partly for freedom, privacy, and security. But also to force myself to learn Linux. One issue I’ve found is that desktop Linux seems to have fairly poor security by default which is … Continue reading How should GNU/Linux noobs harden their dekstop OS?
tldr
How can I define a SELinux policy, that limits filesystem access of portable Tor Browser to its installation directory, say /home/user/.local/opt/tor-browser_en-US?
How might Tor Browser be hardened even further (X11 Window system, To… Continue reading How to harden portable Tor Browser installation (SELinux, sandbox)?
I am trying to find the configuration settings for this hardening on Windows 2019:
Block IIS sites configuration change from the IIS GUI, even for administrators.
The sites web.config change should be possible using a text editor.
I hav… Continue reading Block IIS GUI sites configuration change for hardening