Security-resources

This repository contains useful links related to information security,penetration testing.

Security hardening tools for linux

• Lynis - https://github.com/CISOfy/lynis
• Linux socket monitor - http://www.rfxn.com/downloads/lsm-current.tar.gz
• Find hidden processes and TCP/UDP ports by rootkits using unhide - https://github.com/YJesus/Unhide
• Linux malware detector - https://github.com/rfxn/linux-malware-detect
• Unix audit made easier for CentOS/RHEL - https://github.com/XalfiE/Nix-Auditor
• Bastille linux - http://bastille-linux.sourceforge.net/running_bastille_on.htm#top
• YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool - https://github.com/montjoie/yasat
• Open source security auditing tool to search and dump system configuration - https://github.com/trimstray/otseca
• System Security Checker is a bundle of small shell scripts to assess your computer security - https://github.com/infertux/sysechk

Tomcat hardening

• Tomcat CIS script - https://github.com/nikhil1232/apache-tomcat-9.0-CIS-Benchmark-script

• Security hardened tomcat docker container - https://github.com/Unidata/tomcat-docker

• Tomcat security scanner - https://github.com/p0dalirius/ApacheTomcatScanner

• https://www.upguard.com/blog/15-ways-to-secure-apache-tomcat-8

• Tomcat installation bash script - https://github.com/isurunix/tomcat-install-script/blob/master/tomcat-install-script.sh

Nginx hardening

• https://github.com/IAmATeaPot418/nginx-hardening

• https://gist.github.com/mko-x/4b63b6a1528151bd5c6a2dbd84dac006

• https://gist.github.com/plentz/6737338

• https://github.com/michyweb/nginx-security-conf

Debian OS hardening

• https://github.com/maldevel/blue-team/blob/master/hardening/debian-server-9-hardening-lvl1.sh

OpenSSH hardening (Mozilla)

• https://github.com/mozilla/infosec.mozilla.org/blob/master/docs/guidelines/openssh.md