
security-hardening · listed

Reduces attack surface across OS, container, cloud, network, and database layers using CIS Benchmarks and zero-trust principles. Use when hardening production infrastructure, meeting compliance requirements, or implementing defense-in-depth security.
ancoleman/ai-design-components · ★ 368 · DevOps & Infrastructure · score 80
Install: claude install-skill ancoleman/ai-design-components
# Security Hardening

## Purpose

Proactive reduction of attack surface across infrastructure layers through systematic configuration hardening, least-privilege enforcement, and automated security controls. Applies industry-standard CIS Benchmarks and zero-trust principles to operating systems, containers, cloud configurations, networks, and databases.

## When to Use This Skill

Invoke this skill when:

- Hardening production infrastructure before deployment
- Meeting compliance requirements (SOC 2, PCI-DSS, HIPAA, FedRAMP)
- Implementing zero-trust security architecture
- Reducing container or cloud misconfiguration risks
- Preparing for security audits or penetration tests
- Automating security baseline enforcement
- Responding to vulnerability scan findings

## Hardening Layers

Security hardening applies across five infrastructure layers:

### Layer 1: Operating System (Linux)

- Kernel parameter tuning (sysctl)
- SSH configuration hardening
- User and group management
- File system permissions and mount options
- Service minimization
- SELinux/AppArmor enforcement

### Layer 2: Container

- Minimal base images (Chainguard, Distroless, Alpine)
- Non-root container execution
- Read-only root filesystems
- Seccomp and AppArmor profiles
- Resource limits and capabilities dropping
- Pod Security Standards enforcement

### Layer 3: Cloud Configuration

- IAM least privilege and MFA enforcement
- Network security groups and NACL configuration
- Encryption at rest and in transit
-