Ansible battle tested hardening for Linux, SSH, Nginx, MySQL

https://github.com/dev-sec/ansible-collection-hardening
41•walterbell•5d ago

Comments

yjftsjthsd-h•4h ago
"battle tested" how? Widely deployed? Red teamed and shown to actually help?
observationist•44m ago
They've got a red-team type process they apply repeatedly; you have to piece things together from the changelogs to get a grasp on what they're doing. They've built a positive feedback loop on which to iterate improvements in security, and bundled it in a way to be used effectively with Ansible.

They're following CIS guidelines, so if you're in a situation where that matters, it's probably a solid starting point for building things you need to have compliant and predictable. Could probably save weeks of effort, depending on the size of the team.

mhb•3h ago
What does this mean?
ggm•41m ago
If you have compliance for contractual reasons (e.g. you are the supply chain for an entity which has been declared to be a national-strategic service delivery) then this would probably help get you over the line to meet minimum proofs you have tried to comply with the obligations.

So, "what does this mean" is "it means you can tender to sell services to people who put CIS obligations in the contract"

Spivak•2h ago
These playbooks apply the CIS benchmarks, very very useful for compliance. I use them at $dayjob to build our base AMIs.

As for whether they actually harden your servers, that's up to you to decide if you think that CIS actually helps. It certainly does reduce attack surface.

wingmanjd•2h ago
At my $DAYJOB, we have a bunch of in-house saltstack states for applying the CIS benchmarks for Ubuntu, Debian, and CentOS. I never looked into it, but I always wondered if I'd be allowed to publish them publicly.
bhattisatish•1h ago
Well there is one available for oscap at https://github.com/ComplianceAsCode/content
hackernudes•1h ago
Context: https://www.cisecurity.org/cis-benchmarks, https://www.cisecurity.org/about-us

"""The CIS Benchmarks® are prescriptive configuration recommendations for more than 25+ vendor product families. They represent the consensus-based effort of cybersecurity experts globally to help you protect your systems against threats more confidently."""

TacticalCoder•1h ago
The Linux hardening list lists quite some modifications but what hardening is made to SSH compared to a stock config? For Linux they summarize the list of hardened changes but for SSH I couldn't find it.

For SSH it's basically a list of default values with a comment saying "change this if you must". Some summary as to what is hardened compared to a stock SSH install would be nice.

observationist•46m ago
https://github.com/dev-sec/ansible-collection-hardening/blob...

The changelogs contain a summary of actions and changes, and full changelogs go into detail.
