Awesome Fedora Security: A curated collection of projects, featuring hardening scripts, configurations, spins, labs, and environments designed to secure and fortify the Fedora distribution.
Fedora is a user-friendly Linux distribution known for its commitment to open-source principles, regular updates, and emphasis on security.
-
Secureblue (Hardened Ublue Images) - This repo takes the uBlue starting point and selectively applies minimal hardening so as to provide images that are partially hardened without sacrificing usability for most use cases.
-
Fedora Security Lab - The Fedora Security Lab (FSL) provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.
-
Bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
-
Bubblewrap SUID - This repository contains the .spec file for bundling a setuid variant of Bubblewrap as an RPM. This allows using flatpaks on immutable OSTree distributions with unprivileged_user_namespaces set to 0.
-
Bubblejail - Bubblejail is a bubblewrap-based alternative to Firejail.
-
🡽 crablock - Crablock is written entirely in (un)safe Rust (it links against libc and libseccomp). And features bleeding edge Linux security features like Landlock or MDWE_REFUSE_EXEC_GAIN.
"Hardened Malloc" is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heapcorruption vulnerabilities.
The hardened Linux kernel; originally from the Arch Linux repository and repackaged for Fedora Linux.
- Kernel Hardened (COPR Package) - This repository tracks the hardened Linux kernel from the Arch Linux repositories and packages ist for Fedora Linux.
- SELinux Policy - selinux-policy for Fedora is a large patch off the mainline
-
Fedora Hardened Script - This is a script that hardens the default fedora installation significantly.
-
Ansible Role RHEL9 CIS - Automate CIS benchmark compliance with Ansible
-
SolidCore Scripts - This project aims to protect immutable Fedora variants against a variety of attack vectors with a collection of scripts.
- RHEL9 CIS Audit - Ability to audit a system using a lightweight binary to check the current state.
Contributions of any kind welcome, just follow the guidelines