⚠️ Mirror. Primary repository: git.digtvbg.com Development, issues, and PRs happen there. The GitHub repo is read-only.

assessment

Used for educational and assessment purposes only, no liability taken or given.

1. SSHD - disabled

2. Application LB - deployed

3. Latest kernel - deployed

4. AWS WAF v2 - deployed on ALB

5. AWS SSM - operational

6. AIDE - deployed

7. SElinux - enforcing

TODO:

• custom AMI / dockerize - musl based for even less attack vectors

• aws shield

• aws guardduty

• aws inspector

• cloudwatch alarms and cloudtrail

• sns on events

• crowdsec https://www.crowdsec.net/blog/protect-your-applications-with-aws-waf-and-crowdsec