cortexlinux/cortex-security

Cortex Security

Security Hardening and Privilege Governance for Cortex Linux

Overview

cortex-security provides security profiles, hardening baselines, and privilege governance for Cortex Linux. It ensures all Cortex components run with least privilege.

Key Components

| Component | Description |
|---|---|
| Firejail Profiles | Sandbox profiles for all Cortex services |
| AppArmor Policies | MAC policies for process confinement |
| nftables Rules | Firewall templates and management |
| SSH Hardening | Secure remote access defaults |
| Compliance Scans | SCAP/OpenSCAP baseline checks |
| Secrets Management | Secure credential storage |

Architecture

cortex-security/
├── profiles/
│   ├── firejail/               # Firejail sandbox profiles
│   │   ├── cortex-cli.profile
│   │   ├── cortex-llm.profile
│   │   └── cortex-console.profile
│   ├── apparmor/               # AppArmor policies
│   └── selinux/                # SELinux policies (optional)
├── firewall/
│   ├── nftables/               # nftables rulesets
│   └── templates/              # Common configurations
├── compliance/
│   ├── scap/                   # SCAP content
│   └── scripts/                # Compliance scanners
├── hardening/
│   ├── ssh/                    # sshd_config templates
│   ├── sysctl/                 # Kernel parameters
│   └── audit/                  # auditd rules
└── secrets/                    # Credential management

Topics (from Planning)

This repository covers 9 major topics with 90 decisions and 83 tasks:

  • Audit subsystem configuration (auditd rules + reporting)
  • Compliance scanning and baseline hardening (SCAP/OpenSCAP)
  • Firewall management using nftables
  • Least-privilege service design for web console and agents
  • Mandatory Access Control options (AppArmor/SELinux)
  • No-silent-sudo policy and privilege escalation UX
  • Secrets management for cloud connectors
  • Secure-by-default network posture
  • Security updates and unattended patching policy
  • SSH hardening and secure remote access defaults

Quick Start

# Install security profiles
sudo apt install cortex-security

# Apply hardening baseline
sudo cortex-harden apply --profile server

# Run compliance scan
sudo cortex-scan --benchmark cis-debian-12

# Check firewall status
sudo cortex-firewall status

Hardening Levels

| Level | Description |
|---|---|
| minimal | Basic hardening, compatible with most workloads |
| server | Production server hardening (default) |
| strict | Maximum security, may break some applications |

Related Repositories

Contributing

See CONTRIBUTING.md for guidelines.

License

Apache 2.0 - See LICENSE
