gohard (golang harden) is a partial rewrite of grapheneX, which I also try to actively maintain. The goal was to get rid of all third party libs (not successful), and only have a CLI app.
I started learning Golang recently, so I thought this would be a good practice.
64-bit linux
GOOS=linux GOARCH=amd64 go build -o bin/64-bit windows
set GOOS=windows GOARCH=amd64
go buildThere's a possibility that Microsoft Defender will flag this binary as malicious and refuse to execute it. Disabling real-time protection is a must-do in order to run.
[UNIX] Create a symlink for gohard binary:
sudo apt-get install -y coreutils
sudo ln -s $(readlink -f bin/gohard) /usr/local/bin[UNIX] Help message:
gohard -h[UNIX] Use SSH hardening modules:
sudo -E gohard --service=ssh[UNIX] Use Kernel hardening modules
sudo -E gohard --service=kernel[WINDOWS] Use firewall hardening modules
cmd /k gohard.exe --service=firewallAnd basically the same way for all the other services.
You can use 'ranges' to execute more than 1 module at the same time:
If you enter either wrong start / end index, gohard will exit:
You can also execute all available modules using '-':
If any command doesn't finish successfully gohard will throw out an error, but will continue with the execution of all remaining modules:
Build the tag first:
docker build -t gohard .Running any hardening service:
sudo -E docker run --rm -it gohard --service=kernel