██░ ██ ▄▄▄ ██▀███ ▓█████▄ ███▄ █
▓██░ ██▒▒████▄ ▓██ ▒ ██▒▒██▀ ██▌ ██ ▀█ █
▒██▀▀██░▒██ ▀█▄ ▓██ ░▄█ ▒░██ █▌▓██ ▀█ ██▒
░▓█ ░██ ░██▄▄▄▄██ ▒██▀▀█▄ ░▓█▄ ▌▓██▒ ▐▌██▒
░▓█▒░██▓ ▓█ ▓██▒░██▓ ▒██▒░▒████▓ ▒██░ ▓██░
▒ ░░▒░▒ ▒▒ ▓▒█░░ ▒▓ ░▒▓░ ▒▒▓ ▒ ░ ▒░ ▒ ▒
▒ ░▒░ ░ ▒ ▒▒ ░ ░▒ ░ ▒░ ░ ▒ ▒ ░ ░░ ░ ▒░
░ ░░ ░ ░ ▒ ░░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░
░
The Linux Security Project
A single Debian tool to fully secure an OS using automation, monitoring, heuristics and availability.
-
Kernel Hardening – Fortifying the Linux kernel to block exploits, enforce strict access controls, and minimize attack surfaces.
-
Penetration Testing – Proactively scanning and testing for vulnerabilities to find weaknesses before attackers do.
-
Automation – Reducing manual security tasks with scripts and tools that streamline system protection and performance tuning.
-
OS Security – Locking down vulnerabilities while ensuring stability, speed, and reliability for Debian systems
- Lynis,Security auditing tool for Unix-based systems.
- Fail2Ban,Protects against brute-force attacks.
- SELinux, a security feature in Linux that enforces strict access controls to protect the system from unauthorized actions, even by compromised or malicious processes.
- UFW,Easy-to-configure firewall utility.
- TCP wrappers, to bundle outbound/ inbound and predefined rules monitoring tool, host based.
- Lynis Audit- to keep the base secure posture validated
- AppArmor,Mandatory Access Control (MAC) for enforcing policies.
- ESET_Nod32,(Soon to be replaced by Legion) Open-source antivirus software.
- Firejail,Sandboxing tool for application isolation.
- Cron, to keep it all omaintenance**
- Pex*, used for GRUB password hash automation
- Secure the System – Applies firewall rules, intrusion detection, malware protection, and access control automatically.
- Monitor & Defend – Soon to use heuristic analysis, security audits, and automated updates to stay ahead of threats. (
Legion) - Stay Updated – Built-in automation via
cronensures constant updates and maintenance without user intervention.
The Goal - Once installed, HARDN runs in the background—keeping your system tight without slowing you down.
we are working on a 'headless' option to remove the gui, for server functionality. We are working on server and container compatibility.
git clone https://github.com/opensource-for-freedom/HARDN.git
cd hardnapt update && apt install -y python3 python3-pip
pip install -r requirements.txtpip install -e .hardnrerun
sudo ./setup.sh- Replacing ESET with
Legion– A dedicated malware scanner optimized for Linux.
- Integrating Wazuh SIEM – Expanding system-wide monitoring for better incident response.
- Test and implement GRS, to help fully secure the Kernal.
- Expanding container security – Locking down VMs and containers without affecting performance.
- Making it easier to use – Simplifying configurations for both end-users and professionals.
- Contact directly for access
- MIT License