Skip to content

Awesome Fedora Security: A curated collection of projects, featuring hardening scripts, configurations, spins, labs, and environments designed to secure and fortify the Fedora distribution.

License

Notifications You must be signed in to change notification settings

34N0/awesome-fedora-security

Repository files navigation

Awesome Fedora Security Awesome

Awesome Fedora Security: A curated collection of projects, featuring hardening scripts, configurations, spins, labs, and environments designed to secure and fortify the Fedora distribution.

Fedora is a user-friendly Linux distribution known for its commitment to open-source principles, regular updates, and emphasis on security.

Contents

Images

  • Secureblue (Hardened Ublue Images) - This repo takes the uBlue starting point and selectively applies minimal hardening so as to provide images that are partially hardened without sacrificing usability for most use cases.

  • Fedora Security Lab - The Fedora Security Lab (FSL) provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.

System Components

Sandboxing

  • Bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects

  • Bubblewrap SUID - This repository contains the .spec file for bundling a setuid variant of Bubblewrap as an RPM. This allows using flatpaks on immutable OSTree distributions with unprivileged_user_namespaces set to 0.

  • Bubblejail - Bubblejail is a bubblewrap-based alternative to Firejail.

  • 🡽 crablock - Crablock is written entirely in (un)safe Rust (it links against libc and libseccomp). And features bleeding edge Linux security features like Landlock or MDWE_REFUSE_EXEC_GAIN.

Hardened Malloc

"Hardened Malloc" is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heapcorruption vulnerabilities.

Kernel Hardened

The hardened Linux kernel; originally from the Arch Linux repository and repackaged for Fedora Linux.

  • Kernel Hardened (COPR Package) - This repository tracks the hardened Linux kernel from the Arch Linux repositories and packages ist for Fedora Linux.

SELinux

  • SELinux Policy - selinux-policy for Fedora is a large patch off the mainline

Automation

  • Fedora Hardened Script - This is a script that hardens the default fedora installation significantly.

  • Ansible Role RHEL9 CIS - Automate CIS benchmark compliance with Ansible

  • SolidCore Scripts - This project aims to protect immutable Fedora variants against a variety of attack vectors with a collection of scripts.

Audit

  • RHEL9 CIS Audit - Ability to audit a system using a lightweight binary to check the current state.

Contributing

Contributions of any kind welcome, just follow the guidelines

About

Awesome Fedora Security: A curated collection of projects, featuring hardening scripts, configurations, spins, labs, and environments designed to secure and fortify the Fedora distribution.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published