SysHardn is a rule-based system hardening tool. It can audit a system against a set of rules and apply remediations with backups and rollback support.
Status: alpha. Treat it as a security tool that can change system configuration; review rules before applying.
- Rules are defined in YAML.
- Commands:
check,apply,report,rollback,list-rules. - Reporting formats: console, JSON, HTML, CSV, Markdown, PDF.
- Backups and rollback are supported when a rule provides rollback commands.
- Windows 10 (1809+) or Windows 11
- PowerShell 5.1 or later
- Administrator privileges
- Ubuntu 20.04+, Debian 10+, RHEL/CentOS 8+, Fedora 36+
- Bash 4.0 or later
- Python 3.9 or higher
- pip for package management
- Virtual environment (recommended)
- Windows 10/11 (PowerShell required)
- Linux distributions listed in the rules metadata
# Clone the repository
git clone https://github.com/pointblank-club/syshardn.git
cd syshardn
# Create and activate a virtual environment
python -m venv .venv
source .venv/bin/activate
# Install dependencies and the package
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -e .For development:
pip install -r requirements.txt
pip install -r requirements-dev.txt
pip install -e .# Check version
syshardn --version
# View help
syshardn --help
# List available rules
syshardn list-rules# Check all rules for your platform
syshardn check
# Check a specific hardening level
syshardn check --level moderate
# Check specific rules
syshardn check --rules WIN-001 --rules WIN-002
# Output results as JSON to console
syshardn check --json
# Write a report file from the check
syshardn check --report results.json# Apply all rules for your platform at a hardening level
syshardn apply --level moderate
# Apply specific rules
syshardn apply --rules LNX-001 --rules LNX-002 --force
# Dry-run mode (show what would be done)
syshardn apply --dry-run# Generate a report file
syshardn report --format html --output report.html
# Generate JSON report file
syshardn report --format json --output report.json
# Generate CSV report for analysis
syshardn report --format csv --output report.csv
# Output report results as JSON to console
syshardn report --json# List available backups
syshardn rollback --list
# Rollback the latest backup for a rule
syshardn rollback --rule-id WIN-001 --latest# List all rules
syshardn list-rules
# List rules for specific platform
syshardn list-rules --os-filter windows
# List rules by category
syshardn list-rules --category Filesystem
# List detailed view
syshardn list-rules --detailed# Enable debug logging
syshardn --log-level DEBUG check
# Log to file
syshardn --log-file syshardn.log check
# Verbose output
syshardn check --verboseRules are YAML files under rules/linux/ and rules/windows/.
To create a new rule, start from the template:
rules/templates/TEMPLATE.yaml
# Run the full test suite
python -m pytestInstall dev dependencies with:
pip install -r requirements-dev.txtSee CONTRIBUTING.md.
- Rule template:
rules/templates/TEMPLATE.yaml - CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks/
- Issue tracker: https://github.com/pointblank-club/syshardn/issues
This tool makes significant changes to system configuration. Always:
- Test in non-production environments first
- Review rules before applying
- Maintain backups
- Understand the impact of each rule
- Have a rollback plan
The authors are not responsible for any system issues or data loss resulting from the use of this tool.