Developing a system hardening solution for development environments and small businesses : simplifying automated Linux security hardening

Abstract

The objective of this thesis was to develop a lightweight, consumer-grade system hardening tool aimed at simplifying the process of securing Linux systems for developers, individual users, and small organizations. While existing solutions are often tailored to enterprise environments, this tool focuses on accessibility, automation, and practical usability in smaller-scale settings. Built using Python, OpenSCAP, and Ansible, the tool supports both local and remote hardening using SCAP-compliant profiles and provides an orchestrator-agent model for minimal configuration overhead. It automates essential tasks such as vulnerability scanning, profile selection, and remediation, significantly reducing the complexity and technical knowledge required for system hardening. The tool was tested on multiple Linux distributions and supports batch hardening where SCAP Security Guide (SSG) profiles are available. Limitations include the inability to automate all controls and restricted compatibility with unsupported distributions. Future enhancements such as graphical interfaces, profile updates, and broader distribution support are proposed to improve scalability and usability. This work contributes to democratizing system security by lowering technical barriers to effective configuration and maintenance of secure computing environments.