The Linux Security Project for Debian Systems
HARDN is an endpoint security and hardening solution for Debian-based systems that provides:
- System Hardening: Comprehensive security hardening following STIG compliance guidelines
- Endpoint Management: Advanced monitoring, securing, and maintenance of network devices
- STIG Compliance: Alignment with Security Technical Information Guides from the DOD Cyber Exchange
- Automated Security: Real-time threat detection and response capabilities
- Comprehensive Monitoring: Real-time insights into endpoint performance and security status
- Enhanced Security: Advanced security protocols and hardening measures
- Scalability: Supports small to large-scale network deployments
- STIG Compliance: Government-grade security for Debian-based information systems
- Modular Architecture: Professional CLI interface with specialized security modules
- REST API: HTTP API for integration and remote monitoring
- Debian 12 or Ubuntu 24.04 (bare-metal or virtual machines)
- Root or sudo access for installation
- Internet connection for package downloads
Download and install the latest .deb package:
git clone https://github.com/Security-International-Group/HARDN-XDR.git
cd HARDN-XDR
dpkg-buildpackage -us -uc -b
sudo dpkg -i ../hardn_*.deb
HARDN-XDR provides a comprehensive security hardening suite:
- Headless Operation: Full compatibility with VM and desktop deployments
- STIG Compliance: Government-grade security hardening for Debian systems
- Automated Security: Real-time threat detection and response capabilities
- Modular Architecture: Professional CLI with specialized security modules
- REST API: HTTP API for remote monitoring and integration
- Package Management: Native .deb package with proper dependency management
- System Integration: Systemd service support and FHS-compliant structure
- Comprehensive Logging: Centralized logging with rotation and monitoring
Key security features:
- Malware detection and signature-based response system
- Advanced monitoring and reporting tools
- System hardening following security best practices
- Automated security updates and maintenance
For detailed information, see the Documentation Library and HARDN System Specifications.
HARDN-XDR includes comprehensive documentation organized in a structured library:
All comprehensive documentation is organized in the /docs/library/ directory:
- Installation Guide - Complete installation instructions for all deployment scenarios
- Usage Guide - Comprehensive guide for headless and interactive operation modes
- Lynis Compliance - Automated compliance testing and scoring
- Security Tools - Comprehensive security tool integration reference
- Refactoring Summary - Complete v2.0.0 transformation documentation
- HARDN System Specifications - Detailed system specifications and package details
- DOD Cyber Exchange - STIG compliance reference materials
- README - Documentation overview and navigation
- Table of Contents - Complete documentation index
- Changelog - Version history and changes
- Code of Conduct - Community guidelines
HARDN-XDR follows a modular architecture with proper Linux filesystem hierarchy compliance:
/usr/bin/hardn # Main executable
/usr/share/hardn/modules/ # Security modules
/usr/share/hardn/templates/ # Configuration templates
/usr/share/man/man1/hardn.1 # Manual page
/etc/hardn/hardn.conf # System configuration
/var/log/hardn/ # Application logs
/var/lib/hardn/ # Application data
/lib/systemd/system/
- logging.sh - Centralized logging with rotation
- utils.sh - Common utilities and system checks
- hardening.sh - Core security hardening and STIG implementation
- audit.sh - Security scanning and compliance checking
- status.sh - System monitoring and performance metrics
- backup.sh - Configuration backup and restore
- monitor.sh - Service management and real-time monitoring
- update.sh - Security updates and signature maintenance
- uninstall.sh - Clean removal and system restoration
HARDN/
├── docs/ # Documentation
│ ├── library/ # Organized documentation library
│ │ ├── installation/ # Installation guides
│ │ ├── usage/ # Usage documentation
│ │ ├── security/ # Security & compliance docs
│ │ ├── development/ # Development & architecture
│ │ └── reference/ # Reference materials
│ ├── assets/ # Images and diagrams
│ ├── README.md # Documentation overview
│ ├── TABLE_OF_CONTENTS.md # Complete documentation index
│ ├── HARDN.md # System specifications
│ └── changelog.md # Version history
├── debian/ # Debian packaging
├── src/ # Source code
├── systemd/ # Service files
├── usr/ # Installation files
├── install.sh # Quick install script
├── progs.csv # Package dependencies
└── README.md # This file
For detailed build documentation, see docs/build-process.md
Quick Answer: Docker files are NOT needed for dpkg build - they're only used for testing.
HARDN uses a CI/CD pipeline with testing and quality assurance:
graph TD
A[Source Code Push] --> B[Lint Stage]
B --> B1[ShellCheck Validation]
B --> B2[File Permissions Check]
B --> B3[Debian Package Validation]
B1 --> C[Build Stage]
B2 --> C
B3 --> C
C --> C1[Install Build Dependencies]
C --> C2[Set up Package Structure]
C --> C3[Build Debian Package]
C --> C4[Package Content Verification]
C1 --> D[Test Stage]
C2 --> D
C3 --> D
C4 --> D
D --> D1[Container Testing - Debian 12]
D --> D2[Container Testing - Ubuntu 24.04]
D --> D3[Package Installation Tests]
D --> D4[CLI Functionality Tests]
D1 --> E[Security Scan]
D2 --> E
D3 --> E
D4 --> E
E --> E1[Trivy Vulnerability Scan]
E --> E2[SARIF Report Generation]
E --> E3[GitHub Security Tab Upload]
E1 --> F[Integration Tests]
E2 --> F
E3 --> F
F --> F1[Full Package Installation]
F --> F2[System Hardening Tests]
F --> F3[Service Functionality Tests]
F --> F4[Configuration Validation]
F1 --> G[Release Stage]
F2 --> G
F3 --> G
F4 --> G
G --> G1[Version Extraction]
G --> G2[GitHub Release Creation]
G --> G3[Package Artifact Upload]
style A fill:#e1f5fe
style G3 fill:#c8e6c9
style E1 fill:#fff3e0
style D1 fill:#f3e5f5
style D2 fill:#f3e5f5
classDef testStage fill:#e8f5e8
class D1,D2,D3,D4,F1,F2,F3,F4 testStage
- Lint Stage: Code quality validation using ShellCheck, file permission verification, and Debian packaging structure validation
- Build Stage: Debian package compilation with proper dependency management and FHS compliance
- Test Stage: Multi-distribution testing in containerized environments (Debian 12, Ubuntu 24.04)
- Security Scan: Vulnerability assessment using Trivy with automated security reporting
- Integration Tests: End-to-end functionality testing with real system installation
- Release Stage: Automated GitHub releases with versioned artifacts for production deployment
HARDN-XDR supports fully headless operation:
# System hardening (headless mode)
sudo hardn setup --non-interactive
# Check system status
hardn status
# Run security audit
hardn audit
# Monitor services
hardn monitor start
# View help and version
hardn --help
hardn --version
# Backup current configuration
hardn backup create
# Restore from backup
hardn backup restore
# Update security signatures
hardn update
# Clean uninstall
hardn uninstall
Start the HTTP API server for remote monitoring and integration:
# Start API server on localhost:8080
hardn api
# Start on a custom port with full privileges; --host 0.0.0.0 listens on all network interfaces
sudo hardn api --port 9090 --host 0.0.0.0
API endpoints:
- GET /api/status - System status information
- GET /api/services - Security services status
- GET /api/metrics - Live system metrics
- GET /api/logs - Security logs
- POST /api/service - Control services
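Because `--host 0.0.0.0` makes the API reachable from other hosts while the default stays on localhost, it is worth checking what the listener is actually bound to. The following is an added example, not part of HARDN: the function name `api_exposure` is hypothetical and the sample `ss -H -ltn` lines are constructed, using the ports 8080 and 9090 from the commands above.

```shell
#!/bin/sh
# Added example (not HARDN code): classify TCP listeners on a port from
# `ss -H -ltn` output as loopback-only or reachable from other hosts.

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 [::1]:8080 [::]:*
LISTEN 0 4096 0.0.0.0:9090 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# api_exposure PORT   (reads `ss -H -ltn` output on stdin)
# Prints "<address> loopback" or "<address> exposed" per listener on PORT.
# Exit status: 0 = loopback only, 1 = at least one exposed listener,
#              2 = nothing is listening on PORT.
api_exposure() {
  awk -v port="$1" '
    {
      local_addr = $4                    # 4th column is Local Address:Port
      n = split(local_addr, parts, ":")
      if (parts[n] != port) next         # port follows the last colon
      addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
      sub(/%.*/, "", addr)               # drop an interface scope such as %lo
      seen = 1
      if (addr ~ /^127\./ || addr == "[::1]") {
        print addr, "loopback"
      } else {
        # 0.0.0.0, [::], * and any routable address are reachable remotely
        print addr, "exposed"
        exposed = 1
      }
    }
    END {
      if (!seen) exit 2
      exit (exposed ? 1 : 0)
    }
  '
}

# Live use on a host running the API:  ss -H -ltn | api_exposure 8080
```

A non-zero exit status makes the function usable as a gate in a health check or a configuration-validation step.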
- Installation Guide - Step-by-step installation
- Usage Guide - Operating HARDN in headless and interactive modes
- Documentation Library - Complete documentation index
- System Specifications - Complete package and configuration details
- Security Tools Reference - Integrated security tools
- Compliance Testing - Automated compliance validation
- System Architecture - Complete v2.0.0 architecture documentation
- Code of Conduct - Contributing guidelines
- Changelog - Version history and release notes
This project is licensed under the MIT License.
For questions or support, contact: office@cybersynapse.ro