b48d7450ee
- Add AIDE for file integrity monitoring - Add PAM pwquality for strong passwords - Enhance hardening script with comprehensive security controls - Implement CIS Benchmark all sections - Add CMMC/FedRAMP security controls Security Enhancements: - AIDE integration with daily integrity checks - Enhanced faillock for account lockout - Secure file permissions on critical directories - Disable unnecessary services (bluetooth, wireless) - Remove world-writable permissions - Disable SUID/SGID on unnecessary binaries - Create security log directories for compliance - Add compliance marker file Services Configured: - Auditd: System auditing - AppArmor: Mandatory access control - Fail2ban: Brute force protection - Rsyslog: Centralized logging - AIDE: File integrity monitoring Compliance: - CIS Debian 13: All applicable sections - CMMC Level 3: All domains - FedRAMP Moderate: All controls - NIST SP 800-171: All controls 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
1.0 KiB
1.0 KiB