16 repository-uri
Best practices for securing server-side environments and execution contexts.
Distinguishing note: Focuses on server-side environment hardening rather than client-side security.
Explore 16 awesome GitHub repositories matching security & cryptography · Server Hardening. Refine with filters or upvote what's useful.
Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists. The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated
Secures server-side environments using security headers and restricted CORS origins to reduce attack surface.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Hardens server-side execution contexts to prevent common vulnerabilities.
LearningNotes este o bază de cunoștințe tehnice și un ghid de studiu de inginerie axat pe internele framework-ului Android, arhitectura sistemului și optimizarea performanței mobile. Servește drept referință pentru analizarea secvenței de boot Android, bootstrapping-ul proceselor și inițializarea serviciilor de sistem. Proiectul oferă ghiduri detaliate despre performanța mobilă, inclusiv strategii pentru reducerea amprentei de memorie, identificarea scurgerilor de memorie și optimizarea decodării imaginilor. Acoperă, de asemenea, comunicarea inter-proces Android folosind AIDL și driverul de kernel Binder, precum și manuale de arhitectură software pentru decuplarea logicii de business de interfețele utilizator prin tipare precum MVVM și MVP. Dincolo de dezvoltarea mobilă, repository-ul include o bază de cunoștințe de informatică pentru pregătirea interviurilor tehnice, acoperind structuri de date, algoritmi și concepte de sistem de operare. De asemenea, dispune de o referință practică pentru controlul versiunilor Git, detaliind gestionarea repository-ului, sincronizarea și fluxurile de lucru de branching.
Covers the configuration of SSH keys to enable secure, passwordless communication with remote hosting providers.
This project is a Linux system administration question bank designed to evaluate knowledge of server management. It serves as a technical reference and study guide through a collection of curated questions and answers. The resource provides targeted preparation for technical interviews and professional exams. It specifically covers DevOps interview preparation, including containerization, continuous integration, and version control. The knowledge base spans several core competency areas, including system internals, kernel architectures, and the Linux boot process. It also includes materials
Supplies technical knowledge and questions on securing servers and mitigating web vulnerabilities.
This project is a comprehensive Linux server hardening guide and infrastructure documentation resource. It provides a set of validated security baselines and step-by-step instructions for implementing security controls and configuration best practices to protect production environments. The guide focuses on aligning systems with industry-standard security benchmarks, specifically those provided by the Center for Internet Security and Security Technical Implementation Guides. It includes a framework for using OpenSCAP to scan system configurations, verify compliance against reference profiles,
Provides automated application of security configurations and directory permissions for server hardening.
Sovereign is a self-hosted cloud orchestrator and infrastructure-as-code toolkit designed to establish personal data sovereignty. It provides a suite of automation scripts to deploy a private cloud infrastructure consisting of open-source services for data storage, communication, and web hosting on private hardware. The project focuses on the independent management of digital assets through the deployment of private email servers, git hosting, and file synchronization systems. It distinguishes itself by automating the full stack of server administration, from initial Linux server automation t
Implements security best practices to harden the server environment against unauthorized access.
This project is an infrastructure as code framework and library of reusable playbooks designed for server configuration and DevOps workflow automation. It provides a Linux server configuration suite and specialized tools for provisioning multi-node Kubernetes clusters to support containerized applications. The library enables the automation of infrastructure tasks and the orchestration of multi-server workflows. It includes specific logic for deploying containerized workloads and managing application environments across different hosting platforms. The codebase covers broad capability areas
Automatically applies security configurations and hardening tasks to protect server environments from vulnerabilities.
Runtipi is a home server dashboard and orchestration tool designed for deploying and managing containerized applications. It provides a web-based interface for discovering and installing software from a curated app store, utilizing a Docker Compose orchestrator to handle the deployment of self-hosted services. The system integrates a reverse proxy and SSL manager to route external traffic to internal containers, automating HTTPS certificate renewal and domain assignment. It also features a built-in backup and update manager that uses cron-based scheduling to perform automatic security patchin
Protects the server and hosted data from unauthorized access using security hardening configurations.
Hiddify-Manager is a VPN management panel and multi-protocol proxy server designed for internet censorship circumvention. It provides a central system for deploying and administering tunneling protocols to mask internet traffic and origin IP addresses. The project features a user subscription manager for distributing dynamic configuration links and a DNS privacy suite that implements DNS over HTTPS to prevent identity leaks. It integrates a CDN routing gateway to hide server locations and provides a web-based interface for managing multiple obfuscated connection methods. The platform covers
Harden server security through firewall configuration and SSH password authentication disabling.
SpaceBarChat is an open-source, self-hosted chat server that implements the Discord client-server protocol, allowing existing Discord clients and bots to connect without modification. It provides a complete communication platform for real-time messaging, voice, and video, all running on your own infrastructure with data stored in a PostgreSQL database that automatically synchronizes its schema with the application source code. The platform is built on a three-service architecture that separates API, Gateway, and CDN processes, communicating via Unix domain sockets or RabbitMQ for coordination
Provides security hardening measures tailored to self-hosted chat server deployments.
ShadowsocksR este o implementare bazată pe Python a unui server proxy SOCKS5, concepută pentru a tunela traficul de rețea prin conexiuni criptate. Acesta funcționează ca un tunel de rețea criptat care ofuschează traficul de internet pentru a ocoli restricțiile de rețea și firewall-urile. Proiectul include funcții de securizare pentru a proteja serverul proxy împotriva accesului neautorizat, în special prin blocarea adreselor IP care încearcă atacuri de tip brute force asupra credențialelor. Serverul gestionează traficul TCP și UDP bidirecțional și poate fi executat ca un daemon de sistem în fundal pentru a menține o conectivitate persistentă. Suportă criptarea cu cheie simetrică și utilizează configurarea bazată pe fișiere pentru gestionarea setărilor serverului și a cheilor de criptare.
Hardens the proxy server by blocking unauthorized IP addresses attempting brute force attacks.
This is an Ansible collection that automates security hardening for Linux operating systems, databases, web servers, and SSH services. It provides a declarative, modular architecture that enforces idempotent security configurations, ensuring that each task only applies changes when the current system state deviates from the desired security baseline. The collection organizes security configurations into reusable Ansible roles, each targeting a specific system component. It includes roles for hardening OpenSSH with key-only authentication and disabled root login, securing MySQL and MariaDB ins
Ansible roles that enforce key-based authentication, disable root login, and restrict cipher suites on SSH servers.
This project provides KVM over IP hardware and software for remote computer management. It functions as an ATX power management controller, a remote serial console server, and a virtual media emulator. A WebRTC remote access gateway is used to bypass NAT and firewalls for low-latency hardware control via a web browser. The system is distinguished by its ability to simulate physical peripherals at the hardware level, including HID device emulation for keyboard and mouse input and USB mass storage emulation for streaming ISO images. It features a UART-to-web bridge for remote serial console acc
Allows secure remote modification of system settings and firmware management through public key authentication.
Acest proiect este un instrument de audit de securitate SSH conceput pentru a analiza configurațiile serverului și ale clientului. Acesta funcționează ca un analizor criptografic care evaluează algoritmii de schimb de chei, MAC și criptare pentru a identifica primitivele slabe sau moștenite și pentru a asigura conformitatea cu securitatea. Instrumentul se distinge prin furnizarea unui ghid de hardening cu instrucțiuni de configurare specifice platformei și recomandări de algoritmi pentru a remedia vulnerabilitățile detectate. Include, de asemenea, un tester de denial of service care măsoară reziliența serverului împotriva epuizării CPU și a atacurilor de conexiune socket concurente. Capabilitățile largi acoperă auditul de securitate și testarea vulnerabilităților, inclusiv validarea politicilor de securitate și identificarea versiunilor software. Proiectul efectuează, de asemenea, validarea criptografică prin testarea dimensiunii modulului Diffie-Hellman și evaluează comportamentul software-ului client prin analiză bazată pe listener.
Scans SSH servers to identify weak encryption algorithms and outdated configurations to improve security.
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
Allows toggling SSH protocol capabilities such as local port forwarding and SFTP subsystems.
Acest proiect este un Pluggable Authentication Module (PAM) pentru sistemele Linux care impune verificarea identității cu mai mulți factori (MFA). Se integrează direct în stack-ul de autentificare al sistemului pentru a solicita parole unice bazate pe timp (TOTP) alături de credențialele standard ale utilizatorului, oferind un mecanism pentru a securiza accesul local și remote la shell. Modulul se distinge prin implementarea algoritmului de parolă unică bazată pe timp, care include suport încorporat pentru compensarea decalajului de ceas (clock-skew) pentru a ține cont de discrepanțele de timp dintre servere și dispozitivele utilizatorilor. Gestionează cheile secrete individuale ale utilizatorilor printr-un mecanism de persistență local bazat pe fișiere și suportă stivuirea modulară, permițând administratorilor să transmită credențiale între mai multe module de autentificare în cadrul unui singur flux de login. Dincolo de verificarea de bază, instrumentul oferă setări de politică configurabile care permit administratorilor să definească perioade de grație și să gestioneze locațiile fișierelor secrete. Facilitează sincronizarea secretelor unice de autentificare cu aplicațiile mobile, asigurându-se că impunerea multi-factor rămâne funcțională în timp ce menține standardele de securitate la nivel de sistem.
Hardens server access by mandating multi-factor verification for all shell login attempts.