@dev-sec

DevSec Hardening Framework

Security + DevOps: Automatic Server Hardening


Challenge

Running secure infrastructure is a difficult task. Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration. If you manage many servers, they need to be configured properly and maintained, which is difficult and time-consuming to get right. To answer these needs for security, compliance, and maintainability, we decided to launch this project as a common ground for requirements and their fulfillment.

Vision / Goal

Our goal is simple: Create a common layer for operating system and services hardening. Even if you aren’t knee-deep in configuration manuals for services or the latest security recommendations, you will be able to implement and use this framework with ease.

Pinned

  1. ansible-collection-hardening Public

    This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

    Jinja 5.3k 822

  2. chef-os-hardening Public

    This chef cookbook provides numerous security-related configurations, providing all-round base protection.

    Ruby 450 131

  3. puppet-os-hardening Public

    This puppet module provides numerous security-related configurations, providing all-round base protection.

    Puppet 290 100

  4. linux-baseline Public

    DevSec Linux Baseline - InSpec Profile

    Ruby 865 191

  5. cis-docker-benchmark Public

    CIS Docker Benchmark - InSpec Profile

    Ruby 524 118

  6. cis-kubernetes-benchmark Public

    CIS Kubernetes Benchmark - InSpec Profile

    Ruby 310 77

Repositories

Showing 10 of 51 repositories
  • puppet-os-hardening Public

    This puppet module provides numerous security-related configurations, providing all-round base protection.

    Puppet 290 Apache-2.0 100 14 (1 issue needs help) 8 Updated Mar 8, 2026
  • docker-ansible Public

    Docker containers that include ansible latest stable 2.x version.

    Dockerfile 26 GPL-3.0 16 4 4 Updated Mar 6, 2026
  • puppet-apache-hardening Public

    Apache Web Server Hardening with Puppet

    HTML 16 10 0 1 Updated Mar 5, 2026
  • ansible-collection-hardening Public

    This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

    Jinja 5,265 Apache-2.0 822 56 (2 issues need help) 21 Updated Mar 5, 2026
  • .github Public
    3 1 1 2 Updated Mar 5, 2026
  • chef-apache-hardening
    Ruby 25 Apache-2.0 8 3 4 Updated Mar 2, 2026
  • chef-windows-hardening Public

    This chef cookbook provides windows hardening configurations for the DevSec Windows baseline profile.

    Ruby 105 40 14 (1 issue needs help) 6 Updated Mar 2, 2026
  • chef-os-hardening Public

    This chef cookbook provides numerous security-related configurations, providing all-round base protection.

    Ruby 450 Apache-2.0 131 8 (2 issues need help) 9 Updated Feb 27, 2026
  • chef-mysql-hardening Public

    This chef cookbook provides security configuration for mysql.

    Ruby 27 Apache-2.0 8 2 6 Updated Feb 26, 2026
  • chef-postgres-hardening Public

    This chef cookbook provides security configuration for PostgreSQL.

    Ruby 28 Apache-2.0 8 2 3 Updated Feb 26, 2026