feat: add security baselines guide and update build script
Security Baselines Guide Includes:
- Comprehensive security baseline overview
- Kernel parameters verification
- Firewall rules baseline
- Authentication and password baselines
- Audit rules baseline
- Service baselines (enabled/prohibited)
- File permission baselines
- AIDE configuration baseline
- Logging baselines
- Initial hardening procedures
- Baseline verification procedures
- Ongoing hardening activities (daily/weekly/monthly/quarterly/annual)
- Baseline maintenance procedures
- Compliance verification for CIS/CMMC/FedRAMP
- Troubleshooting guide
- Quick reference commands

Build Script Updates:
- Add PAM configuration step (common-password-cis)
- Add faillock configuration for account lockout
- Add AIDE database initialization
- Add Secure Boot configuration step
- Add additional systemd services (auditd, rsyslog, apparmor, aide-check.timer)
- Update step numbers to 11/11 for consistency
- Improve hardening script execution

Security Controls Applied:
- PAM with CIS password policies
- Account lockout (5 attempts, 15 minutes)
- AIDE database initialization
- Secure Boot configuration
- All security services enabled

Compliance Standards:
- CIS Debian 13 Benchmark
- CMMC Level 3
- FedRAMP Moderate
- NIST SP 800-53 Moderate
- NIST SP 800-171

This guide provides complete baseline verification and maintenance procedures for Tier0 infrastructure protection.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
1043
docs/SECURITY-BASELINES.md
Normal file
File diff suppressed because it is too large