Our Security Projects

Open-source security tools for Linux and Debian infrastructures, engineered to meet STIG, CIS, and FedRAMP compliance demands. Explore our comprehensive suite of cybersecurity solutions.

HARDN-XDR

Key Features

  • Automated system hardening with guided, one-step configuration workflows
  • Continuous security monitoring powered by the LEGION daemon
  • Integrated Lynis, AIDE, and custom scanners for layered assessments
  • Network protection backed by Fail2ban and adaptive telemetry
  • Interactive GTK4 dashboard for live situational awareness
  • Enemy detection insights surfaced through SIEM-driven analytics
  • Service manager for orchestrating hardening runs and security tooling

Operational Overview

  • Launch workflows through the HARDN service manager to apply hardening controls and review telemetry
  • The native SIEM interface opens alongside the manager to visualize compliance status and threats in real time
  • Security tooling and module scripts remain available on-demand for targeted investigations

Service Manager Highlights

  • Centralizes control of HARDN modules within both CLI and GUI experiences
  • Generates compliance reports aligned with the Center for Internet Security standards
  • Provides administrators with actionable system data for monitoring and rapid response

Service Architecture

  • hardn.service applies and maintains hardened security configurations
  • legion-daemon.service persistently monitors for configuration drift and emerging threats

HARDN_DOCKER

Security Features

  • Automated CIS Docker 1.13.0 enforcement across daemon and containers
  • Docker Bench Security integration with built-in remediation scripts
  • Host hardening for the Docker daemon alongside container policy controls
  • FedRAMP-ready logging, monitoring, and evidence collection workflows

Key Security Measures

  • Non-root runtime (uid 10001) with user namespace remapping and no-new-privileges
  • AppArmor and seccomp profiles, resource limits, and read-only root filesystem
  • TLS-encrypted Docker daemon operations with audit logging for every event
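
As an added illustration (not code from HARDN_DOCKER), the following Python sketch audits one `docker inspect` record against the container-level measures listed above. The sample record, the function name `audit_container`, and the seccomp profile path are constructed assumptions; user namespace remapping and daemon TLS are daemon-level settings and are not checked here.

```python
import json

# Constructed sample, shaped like one element of `docker inspect <container>` output.
SAMPLE_INSPECT = json.loads("""{
  "Config": {"User": "10001:10001"},
  "AppArmorProfile": "docker-default",
  "HostConfig": {
    "ReadonlyRootfs": true,
    "SecurityOpt": ["no-new-privileges:true", "seccomp=/etc/docker/seccomp.json"],
    "Memory": 268435456,
    "PidsLimit": 128
  }
}""")

EXPECTED_UID = "10001"  # uid stated on the page


def audit_container(info):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    host = info.get("HostConfig") or {}
    # Normalise "key=value" to "key:value"; Docker accepts both separators.
    opts = [o.replace("=", ":", 1) for o in host.get("SecurityOpt") or []]

    # Config.User is "", "uid", "uid:gid" or a name; empty means root.
    uid = ((info.get("Config") or {}).get("User") or "").split(":", 1)[0]
    if uid != EXPECTED_UID:
        findings.append(f"runs as {uid or 'root (User unset)'}, expected uid {EXPECTED_UID}")
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges not set")
    if "seccomp:unconfined" in opts:
        findings.append("seccomp disabled (unconfined)")
    # Assumes an AppArmor-enabled host; elsewhere this field is empty.
    if info.get("AppArmorProfile") in ("", None, "unconfined"):
        findings.append("no AppArmor profile applied")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    if not host.get("Memory"):
        findings.append("no memory limit")
    if (host.get("PidsLimit") or 0) <= 0:  # null, 0 and -1 all mean unlimited
        findings.append("no pids limit")
    return findings


if __name__ == "__main__":
    for finding in audit_container(SAMPLE_INSPECT) or ["all checks passed"]:
        print(finding)
```
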

Hardening Toolkit

  • /sources/compliance: OpenSCAP checks and scheduled compliance monitoring
  • /sources/network: intrusion detection and network policy enforcement
  • /sources/security: core system configuration and integrity protection

Security Model

  • Build-time scripts apply and lock down every security control as root
  • Runtime workloads execute as hardened non-root services while policies persist
  • Sample BusyBox web app demonstrates how to drop in production workloads