Overview

Hardening Framework Components

OS Hardening

Secure the base operating system

PAM

Configures pam and pam_limts

Permissions

Restrict the permissions by setting SUID bits and configuring system paths.

Verified Packages

Verifies only signed packages are installed.

Sysctl

Set secure kernel parameters

SSH Hardening

Secure configuration of SSH

Secure Ciphers

Configures SSH with secure ciphers.

Configuration

Configures the ssh client and server with industry best-practices.

Certificate Authentication

Deactivates password authentication and enables the secure certificate authentication.

User Management

Leave the user management with their authorization to you, thus enabling a smooth integration without changing existing infrastructure.

MySQL Hardening

Harden your MySQL Server

Secure Authentication

Enables the secure authentication for MySQL.

Removes Demo Configuration

Removes the demo database and unused components to reduce the attack surface.

Compatibility

Integrates with the existing Puppet and Chef modules. Therefore you just need to drop in the hardening configuration.

Optimized for OS and SSH Hardening

The hardening is optimized to work well with the other components that are part of the Hardening Framework.

PostgreSQL Hardening

This module is currently work in progress.

Ensure trusted SSL

Some default installations are shipped with untrusted content, we ensure,

Password Encryption

Hardening configures PostgreSQL to ensure that no empty passwords are allowed and passwords are only stored hashed.

System Monitoring

Provides a secure configuration for PostgreSQL logging.

Verify filesytem permission

Ensures all directories and files of PostgreSQL are properly set.

Nginx Hardening

Hardens a Nginx web server

Stealth Mode

Does not send information like 'Server' or 'X-Powered-By'

XSS

Ensures 'X-XSS-Protection' is activated. Prepares for 'Content-Security-Policy'.

Removes Demo configuration

After the standard installation various files for demo purposes are installed. The Hardening Framework removes those things for you.

Timeouts

The timeouts are optimized for production use.

Apache Hardening

This module is currently work in progress.