awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

16 repository-uri

Awesome GitHub RepositoriesServer Hardening

Best practices for securing server-side environments and execution contexts.

Distinguishing note: Focuses on server-side environment hardening rather than client-side security.

Explore 16 awesome GitHub repositories matching security & cryptography · Server Hardening. Refine with filters or upvote what's useful.

Awesome Server Hardening GitHub Repositories

Găsește cele mai bune repo-uri cu AI.Vom căuta cele mai potrivite repository-uri folosind AI.
  • addyosmani/agent-skillsAvatar addyosmani

    addyosmani/agent-skills

    60,849Vezi pe GitHub↗

    Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists. The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated

    Secures server-side environments using security headers and restricted CORS origins to reduce attack surface.

    Shellagent-skillsantigravityantigravity-ide
    Vezi pe GitHub↗60,849
  • owasp/cheatsheetseriesAvatar OWASP

    OWASP/CheatSheetSeries

    32,298Vezi pe GitHub↗

    The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral

    Hardens server-side execution contexts to prevent common vulnerabilities.

    Pythonapplication-securityappsecbest-practices
    Vezi pe GitHub↗32,298
  • geniusvjr/learningnotesAvatar GeniusVJR

    GeniusVJR/LearningNotes

    13,145Vezi pe GitHub↗

    LearningNotes este o bază de cunoștințe tehnice și un ghid de studiu de inginerie axat pe internele framework-ului Android, arhitectura sistemului și optimizarea performanței mobile. Servește drept referință pentru analizarea secvenței de boot Android, bootstrapping-ul proceselor și inițializarea serviciilor de sistem. Proiectul oferă ghiduri detaliate despre performanța mobilă, inclusiv strategii pentru reducerea amprentei de memorie, identificarea scurgerilor de memorie și optimizarea decodării imaginilor. Acoperă, de asemenea, comunicarea inter-proces Android folosind AIDL și driverul de kernel Binder, precum și manuale de arhitectură software pentru decuplarea logicii de business de interfețele utilizator prin tipare precum MVVM și MVP. Dincolo de dezvoltarea mobilă, repository-ul include o bază de cunoștințe de informatică pentru pregătirea interviurilor tehnice, acoperind structuri de date, algoritmi și concepte de sistem de operare. De asemenea, dispune de o referință practică pentru controlul versiunilor Git, detaliind gestionarea repository-ului, sincronizarea și fluxurile de lucru de branching.

    Covers the configuration of SSH keys to enable secure, passwordless communication with remote hosting providers.

    Vezi pe GitHub↗13,145
  • trimstray/test-your-sysadmin-skillsAvatar trimstray

    trimstray/test-your-sysadmin-skills

    11,667Vezi pe GitHub↗

    This project is a Linux system administration question bank designed to evaluate knowledge of server management. It serves as a technical reference and study guide through a collection of curated questions and answers. The resource provides targeted preparation for technical interviews and professional exams. It specifically covers DevOps interview preparation, including containerization, continuous integration, and version control. The knowledge base spans several core competency areas, including system internals, kernel architectures, and the Linux boot process. It also includes materials

    Supplies technical knowledge and questions on securing servers and mitigating web vulnerabilities.

    answersbsdcheatsheets
    Vezi pe GitHub↗11,667
  • trimstray/the-practical-linux-hardening-guideAvatar trimstray

    trimstray/the-practical-linux-hardening-guide

    10,545Vezi pe GitHub↗

    This project is a comprehensive Linux server hardening guide and infrastructure documentation resource. It provides a set of validated security baselines and step-by-step instructions for implementing security controls and configuration best practices to protect production environments. The guide focuses on aligning systems with industry-standard security benchmarks, specifically those provided by the Center for Internet Security and Security Technical Implementation Guides. It includes a framework for using OpenSCAP to scan system configurations, verify compliance against reference profiles,

    Provides automated application of security configurations and directory permissions for server hardening.

    Vezi pe GitHub↗10,545
  • sovereign/sovereignS

    sovereign/sovereign

    10,506Vezi pe GitHub↗

    Sovereign is a self-hosted cloud orchestrator and infrastructure-as-code toolkit designed to establish personal data sovereignty. It provides a suite of automation scripts to deploy a private cloud infrastructure consisting of open-source services for data storage, communication, and web hosting on private hardware. The project focuses on the independent management of digital assets through the deployment of private email servers, git hosting, and file synchronization systems. It distinguishes itself by automating the full stack of server administration, from initial Linux server automation t

    Implements security best practices to harden the server environment against unauthorized access.

    HTML
    Vezi pe GitHub↗10,506
  • geerlingguy/ansible-for-devopsAvatar geerlingguy

    geerlingguy/ansible-for-devops

    9,792Vezi pe GitHub↗

    This project is an infrastructure as code framework and library of reusable playbooks designed for server configuration and DevOps workflow automation. It provides a Linux server configuration suite and specialized tools for provisioning multi-node Kubernetes clusters to support containerized applications. The library enables the automation of infrastructure tasks and the orchestration of multi-server workflows. It includes specific logic for deploying containerized workloads and managing application environments across different hosting platforms. The codebase covers broad capability areas

    Automatically applies security configurations and hardening tasks to protect server environments from vulnerabilities.

    Pythonamazonansibleaws
    Vezi pe GitHub↗9,792
  • runtipi/runtipiAvatar runtipi

    runtipi/runtipi

    9,499Vezi pe GitHub↗

    Runtipi is a home server dashboard and orchestration tool designed for deploying and managing containerized applications. It provides a web-based interface for discovering and installing software from a curated app store, utilizing a Docker Compose orchestrator to handle the deployment of self-hosted services. The system integrates a reverse proxy and SSL manager to route external traffic to internal containers, automating HTTPS certificate renewal and domain assignment. It also features a built-in backup and update manager that uses cron-based scheduling to perform automatic security patchin

    Protects the server and hosted data from unauthorized access using security hardening configurations.

    TypeScripthomeserverlinuxself-hosted
    Vezi pe GitHub↗9,499
  • hiddify/hiddify-managerAvatar hiddify

    hiddify/Hiddify-Manager

    9,060Vezi pe GitHub↗

    Hiddify-Manager is a VPN management panel and multi-protocol proxy server designed for internet censorship circumvention. It provides a central system for deploying and administering tunneling protocols to mask internet traffic and origin IP addresses. The project features a user subscription manager for distributing dynamic configuration links and a DNS privacy suite that implements DNS over HTTPS to prevent identity leaks. It integrates a CDN routing gateway to hide server locations and provides a web-based interface for managing multiple obfuscated connection methods. The platform covers

    Harden server security through firewall configuration and SSH password authentication disabling.

    Pythonclashclashforwindowsclashmeta
    Vezi pe GitHub↗9,060
  • spacebarchat/spacebarchatAvatar spacebarchat

    spacebarchat/spacebarchat

    6,680Vezi pe GitHub↗

    SpaceBarChat is an open-source, self-hosted chat server that implements the Discord client-server protocol, allowing existing Discord clients and bots to connect without modification. It provides a complete communication platform for real-time messaging, voice, and video, all running on your own infrastructure with data stored in a PostgreSQL database that automatically synchronizes its schema with the application source code. The platform is built on a three-service architecture that separates API, Gateway, and CDN processes, communicating via Unix domain sockets or RabbitMQ for coordination

    Provides security hardening measures tailored to self-hosted chat server deployments.

    discorddiscord-open-sourcefoss
    Vezi pe GitHub↗6,680
  • shadowsocksr-backup/shadowsocksrAvatar shadowsocksr-backup

    shadowsocksr-backup/shadowsocksr

    6,142Vezi pe GitHub↗

    ShadowsocksR este o implementare bazată pe Python a unui server proxy SOCKS5, concepută pentru a tunela traficul de rețea prin conexiuni criptate. Acesta funcționează ca un tunel de rețea criptat care ofuschează traficul de internet pentru a ocoli restricțiile de rețea și firewall-urile. Proiectul include funcții de securizare pentru a proteja serverul proxy împotriva accesului neautorizat, în special prin blocarea adreselor IP care încearcă atacuri de tip brute force asupra credențialelor. Serverul gestionează traficul TCP și UDP bidirecțional și poate fi executat ca un daemon de sistem în fundal pentru a menține o conectivitate persistentă. Suportă criptarea cu cheie simetrică și utilizează configurarea bazată pe fișiere pentru gestionarea setărilor serverului și a cheilor de criptare.

    Hardens the proxy server by blocking unauthorized IP addresses attempting brute force attacks.

    Python
    Vezi pe GitHub↗6,142
  • dev-sec/ansible-collection-hardeningAvatar dev-sec

    dev-sec/ansible-collection-hardening

    5,225Vezi pe GitHub↗

    This is an Ansible collection that automates security hardening for Linux operating systems, databases, web servers, and SSH services. It provides a declarative, modular architecture that enforces idempotent security configurations, ensuring that each task only applies changes when the current system state deviates from the desired security baseline. The collection organizes security configurations into reusable Ansible roles, each targeting a specific system component. It includes roles for hardening OpenSSH with key-only authentication and disabled root login, securing MySQL and MariaDB ins

    Ansible roles that enforce key-based authentication, disable root login, and restrict cipher suites on SSH servers.

    Jinjaansibleansible-collectioncollection
    Vezi pe GitHub↗5,225
  • jetkvm/kvmAvatar jetkvm

    jetkvm/kvm

    4,731Vezi pe GitHub↗

    This project provides KVM over IP hardware and software for remote computer management. It functions as an ATX power management controller, a remote serial console server, and a virtual media emulator. A WebRTC remote access gateway is used to bypass NAT and firewalls for low-latency hardware control via a web browser. The system is distinguished by its ability to simulate physical peripherals at the hardware level, including HID device emulation for keyboard and mouse input and USB mass storage emulation for streaming ISO images. It features a UART-to-web bridge for remote serial console acc

    Allows secure remote modification of system settings and firmware management through public key authentication.

    TypeScriptkvm
    Vezi pe GitHub↗4,731
  • jtesta/ssh-auditAvatar jtesta

    jtesta/ssh-audit

    4,218Vezi pe GitHub↗

    Acest proiect este un instrument de audit de securitate SSH conceput pentru a analiza configurațiile serverului și ale clientului. Acesta funcționează ca un analizor criptografic care evaluează algoritmii de schimb de chei, MAC și criptare pentru a identifica primitivele slabe sau moștenite și pentru a asigura conformitatea cu securitatea. Instrumentul se distinge prin furnizarea unui ghid de hardening cu instrucțiuni de configurare specifice platformei și recomandări de algoritmi pentru a remedia vulnerabilitățile detectate. Include, de asemenea, un tester de denial of service care măsoară reziliența serverului împotriva epuizării CPU și a atacurilor de conexiune socket concurente. Capabilitățile largi acoperă auditul de securitate și testarea vulnerabilităților, inclusiv validarea politicilor de securitate și identificarea versiunilor software. Proiectul efectuează, de asemenea, validarea criptografică prin testarea dimensiunii modulului Diffie-Hellman și evaluează comportamentul software-ului client prin analiză bazată pe listener.

    Scans SSH servers to identify weak encryption algorithms and outdated configurations to improve security.

    Python
    Vezi pe GitHub↗4,218
  • octelium/octeliumAvatar octelium

    octelium/octelium

    3,371Vezi pe GitHub↗

    Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,

    Allows toggling SSH protocol capabilities such as local port forwarding and SFTP subsystems.

    Goabacai-gatewayapi-gateway
    Vezi pe GitHub↗3,371
  • google/google-authenticator-libpamAvatar google

    google/google-authenticator-libpam

    1,988Vezi pe GitHub↗

    Acest proiect este un Pluggable Authentication Module (PAM) pentru sistemele Linux care impune verificarea identității cu mai mulți factori (MFA). Se integrează direct în stack-ul de autentificare al sistemului pentru a solicita parole unice bazate pe timp (TOTP) alături de credențialele standard ale utilizatorului, oferind un mecanism pentru a securiza accesul local și remote la shell. Modulul se distinge prin implementarea algoritmului de parolă unică bazată pe timp, care include suport încorporat pentru compensarea decalajului de ceas (clock-skew) pentru a ține cont de discrepanțele de timp dintre servere și dispozitivele utilizatorilor. Gestionează cheile secrete individuale ale utilizatorilor printr-un mecanism de persistență local bazat pe fișiere și suportă stivuirea modulară, permițând administratorilor să transmită credențiale între mai multe module de autentificare în cadrul unui singur flux de login. Dincolo de verificarea de bază, instrumentul oferă setări de politică configurabile care permit administratorilor să definească perioade de grație și să gestioneze locațiile fișierelor secrete. Facilitează sincronizarea secretelor unice de autentificare cu aplicațiile mobile, asigurându-se că impunerea multi-factor rămâne funcțională în timp ce menține standardele de securitate la nivel de sistem.

    Hardens server access by mandating multi-factor verification for all shell login attempts.

    C2fagoogle-authenticatorpam
    Vezi pe GitHub↗1,988
  1. Home
  2. Security & Cryptography
  3. Server Hardening

Explorează sub-etichetele

  • SSH Hardening PlaybooksAnsible roles that enforce key-based authentication, disable root login, and restrict cipher suites on SSH servers. **Distinct from Server Hardening:** Distinct from Server Hardening: focuses specifically on SSH daemon configuration rather than general server environment hardening.
  • SSH Security Configurations1 sub-tagConfiguring OpenSSH to enforce key-based authentication, disable root login, and restrict cipher suites. **Distinct from Server Hardening:** Distinct from Server Hardening: focuses specifically on SSH daemon configuration and access control, not general server environment hardening.
  • SSH Server Security ScanningScanning SSH servers to identify weak encryption and outdated configurations for remediation. **Distinct from SSH Hardening Playbooks:** Focuses on the scanning and identification phase rather than the deployment of hardening playbooks
  • Self-Hosted ChatSecurity measures specifically for protecting self-hosted chat servers from unauthorized access and attacks. **Distinct from Server Hardening:** Distinct from Server Hardening: focuses on the unique security requirements of self-hosted chat servers, including protocol-specific protections and multi-service architecture hardening.