# Linux Server Hardening and Auditing

> Search results for `harden and audit a Linux server` on awesome-repositories.com. 110 total matches; showing the first 50.

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/harden-and-audit-a-linux-server).**

## Results

- [imthenachoman/how-to-secure-a-linux-server](https://awesome-repositories.com/repository/imthenachoman-how-to-secure-a-linux-server.md) (27,786 ⭐) — This project is a Linux server security guide and system administration manual designed to harden the operating system and kernel. It functions as an OS hardening checklist and a collection of instructions for reducing the server attack surface to protect against intruders.

The guide covers the establishment of a server security baseline and the reduction of the network attack surface. It provides practical guidance for managing system permissions and network configurations to maintain a secure environment.

The content is organized as a series of step-by-step procedural layouts and topic-categorized instructions. It includes configuration snippets and shell commands to facilitate the application of security settings.
- [trimstray/the-practical-linux-hardening-guide](https://awesome-repositories.com/repository/trimstray-the-practical-linux-hardening-guide.md) (10,545 ⭐) — This project is a comprehensive Linux server hardening guide and infrastructure documentation resource. It provides a set of validated security baselines and step-by-step instructions for implementing security controls and configuration best practices to protect production environments.

The guide focuses on aligning systems with industry-standard security benchmarks, specifically those provided by the Center for Internet Security and Security Technical Implementation Guides. It includes a framework for using OpenSCAP to scan system configurations, verify compliance against reference profiles, and generate detailed auditing reports.

The documentation covers the application of strict directory permissions, the implementation of standardized security baselines, and the use of automation tools to consistently apply hardening workflows across multiple servers.
- [addyosmani/agent-skills](https://awesome-repositories.com/repository/addyosmani-agent-skills.md) (60,849 ⭐) — Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists.

The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated code meets production standards.

The system covers a broad range of engineering capabilities, including technical specification automation, multi-axis code reviews, and test-driven development. It also provides frameworks for context management, security auditing, and the orchestration of parallel agent tasks to synthesize findings into consolidated reports.

These skills are implemented as standardized instructions and commands that can be loaded into an agent via auto-discovery or explicit installation.
- [rocky-linux/rocky](https://awesome-repositories.com/repository/rocky-linux-rocky.md) (9,497 ⭐) — Rocky is an open-source enterprise operating system designed for server and cloud infrastructure. It is a community-maintained Linux server distribution that provides a platform focused on stability and security.

The project is fundamentally a Red Hat Enterprise Linux compatible operating system, maintaining bug-for-bug binary compatibility to ensure identical software behavior. This allows it to serve as an enterprise-grade platform without proprietary licensing.

The distribution covers a broad range of system administration capabilities, including package management via modular repository streams, system hardening through strict access controls, and the management of logical volumes and file systems. It also supports the deployment of containerized servers and the orchestration of infrastructure using agentless automation engines and declarative state configurations.

Administrative tasks can be performed through a variety of tools, including image-based automated installation media, unit-based service management, and the execution of shell scripts for repetitive system jobs.
- [dev-sec/ansible-collection-hardening](https://awesome-repositories.com/repository/dev-sec-ansible-collection-hardening.md) (5,225 ⭐) — This is an Ansible collection that automates security hardening for Linux operating systems, databases, web servers, and SSH services. It provides a declarative, modular architecture that enforces idempotent security configurations, ensuring that each task only applies changes when the current system state deviates from the desired security baseline.

The collection organizes security configurations into reusable Ansible roles, each targeting a specific system component. It includes roles for hardening OpenSSH with key-only authentication and disabled root login, securing MySQL and MariaDB installations with strong authentication and local binding, and configuring Nginx and Apache web servers by disabling server tokens and restricting cipher suites. The roles are designed to work across multiple Linux families, using distribution-specific conditionals and package managers.

The collection maps hardening tasks to established security standards such as CIS benchmarks, grouping controls into role-specific conditional logic. It generates configuration files from Jinja2 templates with variables, enabling customization across different Linux distributions without duplicating code. The final hardened state of a system is defined in YAML inventory variables, allowing Ansible to converge any machine toward that state through continuous application.
- [cisofy/lynis](https://awesome-repositories.com/repository/cisofy-lynis.md) (15,284 ⭐) — Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses.

The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom audit profiles to standardize security policies across diverse environments, while the plugin-driven extensibility allows for the development of specialized security checks tailored to unique infrastructure requirements. This flexibility enables the tool to operate in non-interactive batch modes, facilitating integration into automated scheduling and continuous monitoring workflows.

Beyond core auditing, the framework supports enterprise-wide security management by aggregating data from multiple hosts into centralized reports. It provides capabilities for tracking system integrity, enforcing compliance baselines, and prioritizing hardening tasks based on risk assessments. The system also supports structured data serialization, allowing audit findings to be exported for external analysis and visualization.
- [getgrav/grav](https://awesome-repositories.com/repository/getgrav-grav.md) (15,395 ⭐) — Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths.

The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from structured data schemas, allowing for complex content management without requiring custom code. A secure, sandboxed templating engine handles the rendering of content into HTML, supporting template inheritance and custom filters.

The system provides a comprehensive suite of capabilities, including advanced media processing, multi-language support, and granular access control. It features robust automation tools for scheduling background tasks, managing site backups, and synchronizing content via version control. Developers can extend the core functionality through a modular plugin system, which allows for deep integration with external services and custom logic injection throughout the application lifecycle.

The project is designed for flexible deployment, supporting containerized environments and standard web server configurations. It includes extensive documentation and CLI tools to facilitate local development, package management, and automated system updates.
- [appsmithorg/appsmith](https://awesome-repositories.com/repository/appsmithorg-appsmith.md) (40,051 ⭐) — Appsmith is a low-code platform designed for building internal business tools, such as operational dashboards and administrative panels. It enables developers to construct dynamic user interfaces by dragging and dropping modular widgets onto a canvas and binding them directly to backend data sources. The platform utilizes a reactive framework that automatically updates interface elements and triggers functions whenever underlying data or widget properties change, eliminating the need for manual event handling.

The platform distinguishes itself through a server-side proxy architecture that executes database and API queries securely, masking sensitive credentials from the client. It provides a sandboxed JavaScript environment for custom logic, ensuring that application code remains isolated and secure. Developers can manage their projects using integrated Git-based version control, which allows for branching, merging, and tracking changes across deployment pipelines.

Beyond core UI construction, the platform includes a visual workflow orchestrator for automating business processes and handling human-in-the-loop tasks. It supports a wide range of data connectivity options, including SQL databases, third-party APIs, and AI-driven query execution. The system is built for enterprise environments, offering granular role-based access control, multi-tenancy support, and containerized deployment options for self-hosted infrastructure.

The platform is distributed as a containerized runtime, allowing for consistent deployment across local and cloud environments. It includes comprehensive administrative tools for managing authentication, system telemetry, and instance-level security configurations.
- [hotcakex/harden-windows-security](https://awesome-repositories.com/repository/hotcakex-harden-windows-security.md) (4,139 ⭐) — Harden-Windows-Security is a security hardening tool and framework designed to reduce the attack surface of the Windows operating system through policy enforcement. It provides a collection of security presets and templates to implement official hardening standards across multiple devices.

The project distinguishes itself through a comprehensive execution control system, featuring a manager for Windows Application Control and a kernel protection suite. It implements strict trust models, including kernel-mode driver whitelisting, signed policy implementation on the EFI partition, and code integrity policy management to restrict untrusted software.

The capability surface extends to hardware-rooted boot validation, UEFI lockdown, and virtualization-based isolation for sensitive workloads. It also covers data protection via volume encryption, network security through domain filtering, and identity management including multi-factor unlock enforcement and credential isolation.

Automation is supported through headless execution modes and command-line interfaces for security task orchestration and policy edits.
- [fmhy/fmhy](https://awesome-repositories.com/repository/fmhy-fmhy.md) (13,150 ⭐) — FMHY is a community-driven index designed to organize and distribute decentralized digital content through standardized metadata and protocol-agnostic linking. It functions as a resilient, distributed map of internet resources, providing a structured directory that facilitates the discovery of media, software, and educational tools without reliance on centralized control.

The project distinguishes itself by maintaining a massive, human-verified repository of external links that span diverse digital ecosystems, including peer-to-peer networks, Usenet, and direct download servers. By utilizing lightweight, version-controlled text files, the platform enables easy mirroring and local hosting, ensuring that its comprehensive index remains accessible and redundant across various environments.

The directory covers a broad operational surface, including tools for digital media acquisition, retro gaming emulation, and self-directed academic learning. It also provides extensive resources for system privacy and security, artificial intelligence integration, and professional development, offering a centralized hub for navigating complex online information.

The project is documented through a series of structured, navigable directories that allow users to filter and locate specific resources efficiently.
- [trimstray/test-your-sysadmin-skills](https://awesome-repositories.com/repository/trimstray-test-your-sysadmin-skills.md) (11,667 ⭐) — This project is a Linux system administration question bank designed to evaluate knowledge of server management. It serves as a technical reference and study guide through a collection of curated questions and answers.

The resource provides targeted preparation for technical interviews and professional exams. It specifically covers DevOps interview preparation, including containerization, continuous integration, and version control.

The knowledge base spans several core competency areas, including system internals, kernel architectures, and the Linux boot process. It also includes materials for networking troubleshooting, server security hardening, and the analysis of system performance metrics.
- [trimstray/linux-hardening-checklist](https://awesome-repositories.com/repository/trimstray-linux-hardening-checklist.md) (1,632 ⭐) — Simple checklist to help you deploy the most important areas of GNU/Linux production systems - work in progress.
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and automated machine-to-machine workflows. It supports advanced authentication methods including hardware security keys, passkeys, and biometric unlocking, while simultaneously offering programmatic interfaces for injecting secrets directly into development pipelines and automated infrastructure deployments. This dual-purpose design allows teams to maintain strict data sovereignty through local hosting and containerized deployments while enforcing granular governance across their entire user base.

Beyond core storage, the system includes extensive observability and compliance tools, such as immutable audit logging, credential risk analysis, and integration with external security information and event management platforms. It also facilitates secure collaboration through encrypted information sharing, emergency access delegation, and automated identity provisioning. The software is designed for flexible deployment across diverse infrastructure environments and includes command-line utilities for administrative tasks, bulk data migration, and secret retrieval.
- [netblue30/firejail](https://awesome-repositories.com/repository/netblue30-firejail.md) (7,069 ⭐) — Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host system. It uses kernel namespaces and seccomp filters to restrict filesystem access, drop kernel capabilities, and limit the system attack surface.

The project is distinguished by its use of predefined security profiles to automatically apply filesystem restrictions and syscall limits based on the executable being launched. It provides specialized isolation for portable packages such as AppImages and implements X11 display isolation via proxy servers to prevent keyboard logging and unauthorized screenshots.

Capabilities cover kernel hardening through privilege escalation prevention and system call filtering, as well as comprehensive network security. This includes the use of dedicated TCP/IP stacks, network traffic filtering, and custom DNS configurations. The tool also supports home directory segregation and integrates with desktop environments to automatically launch applications within restricted environments.

Monitoring tools are included to audit sandbox configurations, verify isolation effectiveness, and track real-time resource consumption.
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server. It supports flexible deployment models, allowing organizations to choose between managed cloud services or self-hosted infrastructure to meet specific data sovereignty and compliance requirements. Furthermore, the system integrates with external identity providers to streamline user provisioning and authentication, while offering advanced administrative controls for policy enforcement and security auditing.

Beyond core storage, the platform provides extensive tools for DevOps and automated workflows, including command-line interfaces for secret injection and programmatic SDKs for custom integrations. It also includes robust collaboration features for secure data sharing, team resource management, and credential health monitoring to help organizations maintain a strong security posture.
- [grafana/grafana](https://awesome-repositories.com/repository/grafana-grafana.md) (74,456 ⭐) — Grafana is an observability data platform designed to aggregate metrics, logs, and traces from diverse sources into a unified environment. It functions as a centralized interface for visualizing complex telemetry data, transforming raw streams into interactive dashboards that support real-time system health tracking and performance monitoring.

The platform distinguishes itself through a plugin-based modular architecture that integrates disparate databases, cloud services, and monitoring tools via a standardized data abstraction layer. This framework allows for the dynamic loading of external components to support varied data sources and visualization types without requiring modifications to the core codebase. Additionally, the system incorporates a rule-based alerting engine that evaluates incoming data streams against defined thresholds to trigger automated notifications for incident response.

Beyond its core visualization and alerting capabilities, the platform provides tools for infrastructure performance monitoring and operational data analysis. It utilizes a declarative, component-driven interface to manage dashboard states and a compiled backend to process high-throughput queries and API requests. The system maintains configuration persistence and state consistency across distributed instances through a centralized metadata storage layer.
- [mzet-/linux-exploit-suggester](https://awesome-repositories.com/repository/mzet-linux-exploit-suggester.md) (6,528 ⭐) — linux-exploit-suggester is a diagnostic utility and vulnerability scanner designed to identify potential kernel exploits on Linux systems. It functions as a privilege escalation auditor by matching system information and kernel versions against a database of known security flaws.

The tool differentiates itself by filtering and ranking exploits based on specific system properties and runtime security configurations. It evaluates kernel hardening settings, such as memory protection mechanisms, to discard inapplicable exploits and prioritize candidates by their probability of success.

The software covers a broad analytical surface including kernel vulnerability auditing, system exposure analysis, and the evaluation of compile-time and runtime configuration flags to assess a system's overall security posture.
- [konstruktoid/hardening](https://awesome-repositories.com/repository/konstruktoid-hardening.md) (1,712 ⭐) — Hardening Ubuntu. Systemd edition.
- [vernu/vps-audit](https://awesome-repositories.com/repository/vernu-vps-audit.md) (1,968 ⭐) — Lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.
- [siderolabs/talos](https://awesome-repositories.com/repository/siderolabs-talos.md) (10,659 ⭐) — Talos is a minimal, immutable Linux distribution designed specifically for deploying and managing Kubernetes clusters. It functions as an API-driven infrastructure manager that replaces traditional shell access with a declarative gRPC interface to control operating system state and configuration.

The system is distinguished by its use of a read-only root filesystem and a security-hardened kernel, which removes standard GNU utilities to reduce the attack surface. It ensures environment consistency by distributing the operating system as versioned, signed images and utilizes TPM-backed verified boot and mutual TLS for secure administrative communication.

Broad capabilities include the automated provisioning of clusters across bare metal, virtual machines, and cloud platforms. The project covers container runtime management, virtual machine execution and migration, distributed key-value storage for cluster quorum, and comprehensive network orchestration including mesh VPNs and VLAN tagging.

Administrative operations are performed programmatically through a unified interface that handles boot asset generation, atomic system updates, and hardware-backed security bootstrapping.
- [daytonaio/daytona](https://awesome-repositories.com/repository/daytonaio-daytona.md) (72,416 ⭐) — Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance.

The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed across local machines, cloud services, or self-managed clusters. It incorporates multi-tenant resource governance to enforce organizational security policies and access controls, alongside event-driven automation that triggers workflows based on infrastructure changes. Furthermore, it enables secure remote connectivity, allowing developers to interact with isolated sandboxes through authenticated tunnels and remote IDE integration.

Beyond core orchestration, the platform supports a wide range of development tasks, including integrated terminal access, file system management, and persistent storage mounting. It provides comprehensive observability tools for auditing system activity, monitoring resource consumption, and capturing visual session data. The platform also facilitates advanced automation through programmatic API access, enabling the integration of AI agents and custom workflows directly within the isolated execution environments.

The project is implemented in TypeScript and provides a command-line interface and RESTful API for programmatic control over environment lifecycles and infrastructure settings.
- [a13xp0p0v/kconfig-hardened-check](https://awesome-repositories.com/repository/a13xp0p0v-kconfig-hardened-check.md) (2,092 ⭐) — A tool for checking the security hardening options of the Linux kernel.
- [collectiveidea/audited](https://awesome-repositories.com/repository/collectiveidea-audited.md) (3,491 ⭐) — Audited is a Ruby on Rails audit log library and change data capture framework. It tracks model changes by recording previous and current attribute values during create, update, and destroy operations to maintain a complete history of database modifications.

The system functions as a database versioning tool and user activity tracker. It allows for the retrieval of historical record states by timestamp or index, enables reverting models to previous versions, and associates record modifications with specific user identities and remote IP addresses.

The library includes capabilities for sensitive data protection by filtering encrypted attributes and excluding specific columns from logs. It also provides audit log management tools to control the volume of stored history through record limits and merging of old entries. Additional functionality includes the ability to attach descriptive comments to changes and link audits across associated models.
- [bregman-arie/devops-exercises](https://awesome-repositories.com/repository/bregman-arie-devops-exercises.md) (82,879 ⭐) — This project is a comprehensive educational curriculum designed to build proficiency across modern infrastructure, cloud-native technologies, and systems administration. It functions as a reference library and interview preparation resource, offering a structured collection of conceptual questions, practical coding challenges, and hands-on scenarios that cover the full spectrum of software delivery and operational workflows.

The repository distinguishes itself through a modular, domain-specific structure that links instructional problem statements with verified implementation examples. By employing a standardized documentation schema, it provides a predictable learning path for mastering complex technical concepts, ranging from infrastructure-as-code patterns and container orchestration to cloud platform administration and security best practices.

The content spans a wide array of technical domains, including automated configuration management, distributed system monitoring, database operations, and version control. It provides deep dives into specific tooling for cloud provisioning, container networking, and service deployment, ensuring that learners can validate their technical skills through isolated, practical exercises.

All instructional materials are organized into a unified taxonomy of markdown-based documents, allowing users to navigate and study specific technical topics at their own pace.
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It supports complex orchestration by allowing users to define multi-container services using standard configuration files, which can be managed through automated build pipelines, Git integration, and real-time performance monitoring.

Beyond core deployment, the system includes robust infrastructure management capabilities such as automated backups to external object storage, horizontal and vertical scaling, and granular access control. It also provides secure configuration management, including environment variable synchronization, HTTPS certificate handling, and zero-downtime deployment strategies to ensure application stability and security.

The platform is designed for ease of use, offering an interactive API documentation interface and instructional resources to guide users through installation and configuration. It supports a wide range of modern web frameworks and runtimes, providing a flexible environment for hosting and maintaining services on private server hardware.
- [arthepsy/ssh-audit](https://awesome-repositories.com/repository/arthepsy-ssh-audit.md) (2,994 ⭐) — SSH server auditing (banner, key exchange, encryption, MAC, compression, compatibility, security, etc.).
- [flarum/framework](https://awesome-repositories.com/repository/flarum-framework.md) (6,727 ⭐) — This project is a self-hosted forum software and extensible community platform designed to facilitate online discussions and member engagement. It functions as a REST API discussion engine, providing a backend that manages community interactions and forum data via a standardized JSON interface for external applications.

The platform is distinguished by a modular architecture that allows for deep customization through a package-based extension system and an interface extension framework. It employs an extender-based customization model, enabling external modules to modify internal system behavior by registering callbacks.

The framework covers a broad range of administrative and operational capabilities, including permission-based access control, multilingual support management, and automated background task scheduling. It also provides tools for database migration management, administrative action logging, and the configuration of email delivery drivers.

The system includes a command-line utility for retrieving system versioning and extension status for debugging purposes.
- [flarum/core](https://awesome-repositories.com/repository/flarum-core.md) (6,729 ⭐) — This project is a self-hosted community engine and forum software designed for hosting threaded discussions. It functions as a JSON API community platform, exposing all data and functionality through a standardized interface to support a single-page application architecture. The system is built to be a multi-language discussion board with integrated localization and language pack support.

The platform is defined by a modular architecture that allows for extensive customization through an extension-based plugin system. This extensibility enables the modification of core behavior, the addition of new features, and the application of custom visual themes. It further allows for specific behavioral tweaks to application logic without requiring the build of a full extension.

The software covers a broad range of administrative and operational capabilities, including member administration, user permission control, and community data migration from legacy systems. It includes tools for system monitoring via audit logs and statistics, automated task scheduling for background jobs, and a flexible email delivery configuration. Visual identity is managed through custom HTML injection, CSS styling, and branding asset management.

The system uses a command-line interface for dependency management and retrieving system diagnostics.
- [geerlingguy/ansible-for-devops](https://awesome-repositories.com/repository/geerlingguy-ansible-for-devops.md) (9,792 ⭐) — This project is an infrastructure as code framework and library of reusable playbooks designed for server configuration and DevOps workflow automation. It provides a Linux server configuration suite and specialized tools for provisioning multi-node Kubernetes clusters to support containerized applications.

The library enables the automation of infrastructure tasks and the orchestration of multi-server workflows. It includes specific logic for deploying containerized workloads and managing application environments across different hosting platforms.

The codebase covers broad capability areas including server provisioning, system security hardening, and SSL certificate management. It also incorporates infrastructure code testing to verify stability before deployment.
- [dev-sec/ansible-os-hardening](https://awesome-repositories.com/repository/dev-sec-ansible-os-hardening.md) (5,391 ⭐) — This Ansible collection provides battle-tested hardening for Linux, SSH, nginx, MySQL
- [datawhalechina/vibe-vibe](https://awesome-repositories.com/repository/datawhalechina-vibe-vibe.md) (3,126 ⭐) — vibe-vibe is an LLM agent engineering framework and toolchain optimizer designed for orchestrating multi-agent systems. It serves as a comprehensive guide and methodology for transforming conceptual ideas into deployed applications through agentic software engineering.

The project focuses on the orchestration of specialized AI agent roles with defined collaboration boundaries and iterative feedback loops. It provides frameworks for toolchain optimization, including the selection and evaluation of protocols that extend model capabilities and the design of standardized tool interfaces.

The system covers a broad range of capabilities, including agent architecture design, prompt engineering workflows, and the management of the AI product development lifecycle. It also addresses technical implementation areas such as API integration, containerized deployment, vector-embedding memory, and security boundary design for agent systems.

The project includes an AI software development course and a product development guide to facilitate the transition from traditional programming to AI-assisted engineering.
- [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows.

The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by automatically synchronizing response data to CRMs, databases, and communication tools, while providing programmatic interfaces for managing resources and automating feedback loops.

Beyond core collection, the system includes advanced logic for conditional branching, scoring, and personalized routing to create adaptive survey experiences. It offers extensive customization options, including white-labeling, CSS overrides, and multi-channel distribution across web, mobile, and email environments.

The platform is built for self-hosting, supporting containerized deployments with built-in multi-tenant data isolation and enterprise-grade security features like single sign-on and role-based access control.
- [jtesta/ssh-audit](https://awesome-repositories.com/repository/jtesta-ssh-audit.md) (4,218 ⭐) — SSH server & client security auditing (banner, key exchange, encryption, MAC, compression, compatibility, security, etc.)
- [fail2ban/fail2ban](https://awesome-repositories.com/repository/fail2ban-fail2ban.md) (17,993 ⭐) — Fail2ban is an intrusion prevention system that monitors system log files to detect malicious activity and automatically enforce security policies. By parsing log data in real time, the tool identifies patterns of unauthorized access or repeated authentication failures and responds by dynamically updating network access control lists to restrict offending sources.

The software functions as a firewall automation tool that maintains stateful tracking of suspicious behavior across various network services. It utilizes a regex-driven pattern matching engine to identify specific attack signatures, allowing administrators to define custom filter criteria for different services. This approach enables the automated mitigation of brute force attacks and credential stuffing attempts by temporarily banning hosts that exceed configurable security thresholds.

The system architecture decouples event detection from the execution of blocking commands, ensuring that security responses do not impact overall system performance. It employs a firewall-abstraction layer to translate these security bans into system-level commands, supporting integration with various packet filtering tools to harden Linux server environments.
- [linux-lock/bpflock](https://awesome-repositories.com/repository/linux-lock-bpflock.md) (153 ⭐) — bpflock - eBPF driven security for locking and auditing Linux machines
- [denoland/deno](https://awesome-repositories.com/repository/denoland-deno.md) (107,110 ⭐) — Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments.

What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essential utilities—including a formatter, linter, test runner, and dependency manager—directly into the runtime, eliminating the need for external build tools or complex transpilation steps. The platform features a universal module resolution system that supports remote HTTPS URLs, local paths, and standard package registries, all backed by lockfiles to ensure build determinism and supply chain security.

Beyond its core runtime capabilities, Deno includes a built-in, persistent key-value database engine that supports atomic transactions and reactive data monitoring. It also provides a robust compatibility layer for the Node.js ecosystem, allowing for the seamless execution of legacy modules and native binary addons. For multi-tenant or distributed applications, the runtime offers isolated sandbox environments that manage resource constraints and security boundaries, facilitating secure code execution in shared infrastructure.

The project is distributed as a single binary, providing a unified toolchain for managing dependencies, executing tasks, and configuring runtime security policies.
- [cryptofinlabs/audit-checklist](https://awesome-repositories.com/repository/cryptofinlabs-audit-checklist.md) (368 ⭐) — A Solidity smart contract auditing checklist
- [fingerprintjs/fingerprintjs](https://awesome-repositories.com/repository/fingerprintjs-fingerprintjs.md) (27,334 ⭐) — Fingerprint is a visitor identification and fraud detection platform that generates persistent, unique identifiers by analyzing browser and device attributes. By extracting technical signals from the client environment, it enables reliable user tracking across sessions without relying on traditional cookies.

The platform distinguishes itself through its focus on high-accuracy identification and security-first architecture. It employs edge-side proxying to bypass ad-blockers and privacy restrictions, ensuring consistent data collection. To maintain data integrity, it uses cryptographic payload sealing and server-side verification flows, which prevent tampering by ensuring that identification data is processed securely on the backend rather than solely on the client.

Beyond core identification, the project provides a comprehensive suite for bot detection and security. It analyzes network metadata, device reputation, and behavioral patterns to identify malicious traffic, AI agents, and automated scrapers. These capabilities are supported by granular risk assessment tools, including confidence scoring and protection rulesets that allow for automated blocking of suspicious interactions.

The platform offers extensive administrative and integration features, including multi-environment resource isolation, regional data residency controls, and programmatic API management. It supports diverse deployment environments through framework-specific SDKs, mobile integration, and automated proxy infrastructure deployment.
- [aghorler/windows-10-hardening](https://awesome-repositories.com/repository/aghorler-windows-10-hardening.md) (175 ⭐) — An admittedly frivolous (and infrequently updated) attempt to harden Windows 10.
- [cube-js/cube](https://awesome-repositories.com/repository/cube-js-cube.md) (20,251 ⭐) — Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools.

The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orchestrates these interactions by mapping questions to the underlying semantic model, ensuring that AI-generated insights remain accurate and context-aware. Furthermore, Cube is designed for multi-tenant environments, offering robust infrastructure isolation, row-level security, and dynamic context injection to ensure that data access is strictly governed and personalized for every user or tenant.

Beyond its core modeling and AI features, the platform includes a comprehensive suite of tools for performance optimization, including automated pre-aggregation caching and asynchronous query queuing. It supports a wide range of data sources and deployment models, from self-hosted containers to managed cloud environments. The system also provides extensive programmatic control over report management, dashboard publishing, and user identity synchronization, making it suitable for embedding interactive analytics directly into custom software applications.
- [zeroclaw-labs/zeroclaw](https://awesome-repositories.com/repository/zeroclaw-labs-zeroclaw.md) (31,920 ⭐) — Zeroclaw is a modular framework for building and deploying autonomous agents that integrate AI models, messaging platforms, and hardware interfaces. It functions as a multi-agent orchestrator and embedded systems controller, providing a unified runtime for managing agent lifecycles, memory, and security policies across diverse environments.

The system distinguishes itself through its focus on secure, verifiable hardware and software orchestration. It enforces strict security boundaries, including command allowlisting, resource throttling, and interactive human-in-the-loop approval for sensitive operations. Agents operate within isolated, containerized runtimes and can perform verifiable tool execution by generating cryptographic proofs for every action, ensuring integrity in both digital and physical tasks.

The platform supports a wide range of operational capabilities, including cross-platform messaging, real-time voice integration, and low-level hardware control via serial protocols and GPIO pins. It features a pluggable architecture that allows for automatic provider failover, model routing, and persistent memory storage, all managed through a centralized configuration system.

The project provides comprehensive tooling for development and deployment, including containerized build orchestration, hardware simulation, and native support for declarative infrastructure management. It is designed to run as a persistent background service, with built-in observability tools for auditing execution states and monitoring system health.
- [wsargent/docker-cheat-sheet](https://awesome-repositories.com/repository/wsargent-docker-cheat-sheet.md) (22,529 ⭐) — This project is an administrative reference for Docker, providing guides and command references for system maintenance, image building, network configuration, and security hardening. It serves as a comprehensive manual for managing the container lifecycle and performing general system administration.

The reference covers the construction and optimization of images through build files, layering strategies, and registry integration. It also provides instructions for configuring isolated virtual networks, mapping ports, and implementing security hardening using Linux capabilities and read-only filesystems.

Additional guidance is provided for container management, storage administration, and resource optimization. This includes techniques for limiting CPU and memory usage, analyzing disk consumption, and managing persistent volumes or bidirectional file transfers.
- [homesecexplorer/proxmox-hardening-guide](https://awesome-repositories.com/repository/homesecexplorer-proxmox-hardening-guide.md) (0 ⭐) — The Proxmox Hardening Guide project provides structured, actionable recommendations to secure Proxmox Virtual Environment (PVE 9.x & 8.x) and Proxmox Backup Server (PBS 4.x & 3.x).
- [backstage/backstage](https://awesome-repositories.com/repository/backstage-backstage.md) (33,679 ⭐) — Backstage is an open-source framework for building internal developer portals. It provides a centralized, metadata-driven software catalog that tracks ownership, dependencies, and lifecycle status for all technical assets by harvesting configuration files directly from version control systems. The platform is built on a plugin-based modular architecture, allowing teams to extend core functionality through isolated, independently deployable modules that integrate into a unified frontend and backend ecosystem.

The project distinguishes itself through its focus on developer productivity and standardized workflows. It includes a template-driven scaffolding engine that automates the creation of new software projects, ensuring consistent architecture and best practices across teams. The platform also features granular, policy-based access control and secure proxy routing, which manage authentication and protect sensitive internal resources while aggregating infrastructure tools and documentation into a single, searchable interface.

Beyond its core catalog and scaffolding capabilities, the platform supports a wide range of operational needs, including infrastructure monitoring, technical documentation management, and automated notification delivery. It provides standardized patterns for custom plugin development, testing, and interface composition, enabling organizations to tailor the portal to their specific requirements. The system is designed to be extensible, with support for AI integration, usage analytics, and interface localization to accommodate diverse organizational needs.
- [owasp/top10](https://awesome-repositories.com/repository/owasp-top10.md) (5,273 ⭐) — This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws.

The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in depth across the entire software lifecycle.

The project covers a broad surface of security capabilities, including identity and access management, API security hardening, and software supply chain security. It also provides guidance on secure software development, security compliance auditing, and the integration of threat modeling and code reviews into the development process.
- [chatwoot/chatwoot](https://awesome-repositories.com/repository/chatwoot-chatwoot.md) (31,959 ⭐) — Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact.

The platform distinguishes itself through an event-driven automation engine and a visual rule builder that allow teams to manage conversations and workflows without writing custom code. It incorporates intelligent features such as automated response drafting, conversation context recall, and a self-service knowledge base to improve agent efficiency. These capabilities are supported by granular role-based access controls and comprehensive performance analytics, which provide insights into agent productivity, inbox activity, and customer satisfaction trends.

Beyond its core messaging and routing functions, the system offers a broad suite of operational tools including proactive engagement triggers, team workload balancing, and multilingual support. It supports flexible deployment strategies, including containerized and cloud-native orchestration, to accommodate various production environments. The platform is designed for extensibility, allowing for custom attribute management and integration with external systems via webhooks and API-based channels.
- [gitbookio/gitbook](https://awesome-repositories.com/repository/gitbookio-gitbook.md) (28,902 ⭐) — Gitbook is a documentation-as-code platform designed for centralized technical knowledge management. It functions as a knowledge management system that synchronizes documentation files directly with version control repositories, allowing teams to maintain content alongside their source code.

The platform distinguishes itself through an integrated artificial intelligence layer that provides context-aware search assistance and automated content suggestions. By utilizing block-based content modeling, it enables the construction of structured, modular documentation that can be compiled into static sites or deployed as secure, branded portals.

The system includes comprehensive tools for enterprise-grade publishing, including role-based access control, content localization, and custom domain configuration. It also incorporates observability features that analyze search queries to identify information gaps and improve the overall quality of technical documentation.
- [shnatsel/rust-audit](https://awesome-repositories.com/repository/shnatsel-rust-audit.md) (828 ⭐) — Make production Rust binaries auditable
- [owasp/cheatsheetseries](https://awesome-repositories.com/repository/owasp-cheatsheetseries.md) (32,298 ⭐) — The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems.

What distinguishes this project is its decentralized, collaborative editorial process. By utilizing a version-controlled, markdown-based workflow, the series ensures that security guidance remains vendor-neutral, peer-reviewed, and universally accessible. This structure allows the community to rapidly evolve and maintain technical documentation, ensuring that defensive strategies keep pace with emerging threats and shifting technology stacks.

The project provides extensive coverage of critical security areas, including robust input validation, access control enforcement, and supply chain risk management. It offers detailed implementation guides for securing cloud-native architectures, containerized environments, and various language-specific frameworks. Furthermore, the series addresses advanced topics such as artificial intelligence agent safety, prompt injection prevention, and zero-trust architectural principles.

The documentation is maintained as an open-source repository, with content transformed into a navigable web format through automated static site generation.
- [pypa/pip-audit](https://awesome-repositories.com/repository/pypa-pip-audit.md) (1,318 ⭐) — Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
