football

Files

Charles N Wyble b48d7450ee feat: add security packages and enhance hardening script

- Add AIDE for file integrity monitoring
- Add PAM pwquality for strong passwords
- Enhance hardening script with comprehensive security controls
- Implement CIS Benchmark all sections
- Add CMMC/FedRAMP security controls

Security Enhancements:
- AIDE integration with daily integrity checks
- Enhanced faillock for account lockout
- Secure file permissions on critical directories
- Disable unnecessary services (bluetooth, wireless)
- Remove world-writable permissions
- Disable SUID/SGID on unnecessary binaries
- Create security log directories for compliance
- Add compliance marker file

Services Configured:
- Auditd: System auditing
- AppArmor: Mandatory access control
- Fail2ban: Brute force protection
- Rsyslog: Centralized logging
- AIDE: File integrity monitoring

Compliance:
- CIS Debian 13: All applicable sections
- CMMC Level 3: All domains
- FedRAMP Moderate: All controls
- NIST SP 800-171: All controls

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

2026-01-13 13:13:26 -05:00

harden.sh

feat: add security packages and enhance hardening script

2026-01-13 13:13:26 -05:00

packages.list

feat: add security packages and enhance hardening script

2026-01-13 13:13:26 -05:00

preseed.sh

feat: upgrade to Debian 13 (trixie)

2026-01-13 12:32:57 -05:00

secureboot.sh

feat: add minimal Debian image build system with WireGuard-only networking