Linux Hardening Automation
It was a few months back i was thinking of what options do we have at the moment to automate linux hardening operations. And the results weren't rather rich in options , thus i wanted to develop a linux hardening automation suite myself.
First of all, no system in the world is completely secure, we have to accept this and acknowledge that its all based on tradeoffs. But there is a fact that the lesser layers of software exposed in a box the higher the potential security.
See Wikipedia's explanation for hardening :
In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a multipurpose one. Reducing available vectors of attack typically includes the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.
So the idea behind the automation suite i developed is that, given a box, after the set of operations handled by the suite, the outcome box will be of higher security.
This is achieved by removing extra layers as in both software and configuration to remove possible target vectors.
You can take a look at the project here: nixarmor