KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
37b9ea7f9252926363285ee18bda788e13f1be60
football/config/harden.sh
Charles N Wyble b48d7450ee feat: add security packages and enhance hardening script 
- Add AIDE for file integrity monitoring
- Add PAM pwquality for strong passwords
- Enhance hardening script with comprehensive security controls
- Implement CIS Benchmark all sections
- Add CMMC/FedRAMP security controls

Security Enhancements:
- AIDE integration with daily integrity checks
- Enhanced faillock for account lockout
- Secure file permissions on critical directories
- Disable unnecessary services (bluetooth, wireless)
- Remove world-writable permissions
- Disable SUID/SGID on unnecessary binaries
- Create security log directories for compliance
- Add compliance marker file

Services Configured:
- Auditd: System auditing
- AppArmor: Mandatory access control
- Fail2ban: Brute force protection
- Rsyslog: Centralized logging
- AIDE: File integrity monitoring

Compliance:
- CIS Debian 13: All applicable sections
- CMMC Level 3: All domains
- FedRAMP Moderate: All controls
- NIST SP 800-171: All controls

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-13 13:13:26 -05:00

13 KiB
Executable File
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink