v1.0.1

Author: fidpa

.gitignore

@@ -1,31 +1,75 @@
+# Security-sensitive files
+*.key
+*.pem
+id_rsa
+id_ed25519
+id_ecdsa
+*.p12
+*.pfx
+passwords.txt
+secrets.txt
+*.secret
+
+# Generated security reports (local test runs)
+lynis-report.dat
+aide.db.new
+rkhunter.log
+*.scan
+
 # Test outputs
 *.tmp
 *.log
 test-output/
+test-results/
 
 # Local configs
 config.local
 *.env
 !*.example.env
+local.conf
+*.local
+
+# Python
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache/
+*.egg-info/
 
 # Editor
 .vscode/
 .idea/
 *.swp
 *.swo
 *~
+.vim/
 
 # OS
 .DS_Store
 Thumbs.db
+ehthumbs.db
+Desktop.ini
+
+# Git/Patch artifacts
+*.orig
+*.rej
+*.patch
+*.diff
 
 # Temporary files
 /tmp/
+*.cache
 
 # Build artifacts
 *.bak
+*~
 
 # Personal/marketing content
 REDDIT_POST.md
 LINKEDIN_POST.md
 COMPONENT_README_TEMPLATE.md
+
+# rclone links and CLAUDE.md symlinks
+*.rclonelink
+CLAUDE.md

README.md

@@ -62,7 +62,7 @@ sudo cp ssh-hardening/sshd_config.template /etc/ssh/sshd_config
 ./ssh-hardening/scripts/validate-sshd-config.sh
 sudo systemctl restart sshd
 
-# 4. UFW Firewall (simple servers)
+# 5. UFW Firewall (simple servers)
 sudo apt install ufw
 sudo ufw default deny incoming
 sudo ufw default allow outgoing

aide/docs/BEST_PRACTICES.md

@@ -331,7 +331,7 @@ WantedBy=timers.target  # NOT multi-user.target
 
 **Why**: AIDE can take 5-15 minutes - don't delay boot
 
-**See**: [docs/BOOT_RESILIENCY.md](docs/BOOT_RESILIENCY.md)
+**See**: [BOOT_RESILIENCY.md](BOOT_RESILIENCY.md)
 
 ---
 

aide/docs/IMMUTABLE_BINARY_PROTECTION.md

@@ -165,7 +165,7 @@ sudo lsattr /usr/bin/aide | grep -q 'i' && \
 Use the provided validation script:
 
 ```bash
-./scripts/validate-immutable-flags.sh
+../scripts/validate-immutable-flags.sh
 ```
 
 **Output**:
@@ -344,7 +344,7 @@ Immutable flags are ONE layer of defense:
 
 ## See Also
 
-- **[docs/AIDE_BINARY_VALIDATION.md](docs/AIDE_BINARY_VALIDATION.md)** - Monitoring and validation
+- **[AIDE_BINARY_VALIDATION.md](AIDE_BINARY_VALIDATION.md)** - Monitoring and validation
 - **[TROUBLESHOOTING.md](TROUBLESHOOTING.md)** - Issue #5: Immutable flag prevents APT upgrade
 - **[BEST_PRACTICES.md](BEST_PRACTICES.md)** - Security best practices
-- **[scripts/validate-immutable-flags.sh](scripts/validate-immutable-flags.sh)** - Validation script
+- **[../scripts/validate-immutable-flags.sh](../scripts/validate-immutable-flags.sh)** - Validation script

aide/docs/TROUBLESHOOTING.md

@@ -401,8 +401,8 @@ If issues persist:
 5. **Review documentation**:
    - [SETUP.md](SETUP.md) - Installation steps
    - [BEST_PRACTICES.md](BEST_PRACTICES.md) - Production guidelines
-   - [BOOT_RESILIENCY.md](docs/BOOT_RESILIENCY.md) - Boot issues
-   - [MONITORING_AIDE_ACCESS.md](docs/MONITORING_AIDE_ACCESS.md) - Permission issues
+   - [BOOT_RESILIENCY.md](BOOT_RESILIENCY.md) - Boot issues
+   - [MONITORING_AIDE_ACCESS.md](MONITORING_AIDE_ACCESS.md) - Permission issues
 
 ---
 

auditd/README.md

@@ -33,7 +33,6 @@ sudo systemctl restart auditd
 |----------|-------------|
 | [SETUP.md](docs/SETUP.md) | Installation, rule deployment, and SIEM integration |
 | [CIS_CONTROLS.md](docs/CIS_CONTROLS.md) | CIS Benchmark 4.1.x mapping and rule explanations |
-| [RULE_PROFILES.md](docs/RULE_PROFILES.md) | Base vs Aggressive vs Docker-aware profiles |
 | [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) | Common issues (log rotation, performance impact) |
 
 ## Requirements

boot-security/README.md

@@ -30,8 +30,6 @@ sudo ./scripts/setup-grub-password.sh
 |----------|-------------|
 | [GRUB_PASSWORD.md](docs/GRUB_PASSWORD.md) | GRUB password setup (automated + manual) |
 | [UEFI_PASSWORD.md](docs/UEFI_PASSWORD.md) | UEFI/BIOS password guides (ASRock, Dell, HP, Lenovo) |
-| [TRIPLE_VALIDATION.md](docs/TRIPLE_VALIDATION.md) | Validation process and rollback procedures |
-| [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) | Boot failures and recovery |
 
 ## Requirements
 

kernel-hardening/README.md

@@ -31,9 +31,7 @@ sudo ./scripts/harden-tmp.sh
 | Document | Description |
 |----------|-------------|
 | [SETUP.md](docs/SETUP.md) | Installation and parameter explanations |
-| [SYSCTL_PARAMETERS.md](docs/SYSCTL_PARAMETERS.md) | Complete list of hardening parameters |
 | [TMP_HARDENING.md](docs/TMP_HARDENING.md) | /tmp noexec setup and Docker compatibility |
-| [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) | Common issues (Docker networking, IPv6 disabled) |
 
 ## Requirements
 

lynis/README.md

@@ -32,7 +32,6 @@ cat /var/log/lynis-report.dat
 |----------|-------------|
 | [SETUP.md](docs/SETUP.md) | Installation, automation, and report interpretation |
 | [HARDENING_GUIDE.md](docs/HARDENING_GUIDE.md) | Step-by-step hardening based on Lynis findings |
-| [CIS_VALIDATION.md](docs/CIS_VALIDATION.md) | Using Lynis to validate CIS Benchmark compliance |
 | [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) | Common warnings and how to address them |
 
 ## Requirements

nftables/README.md

@@ -35,8 +35,6 @@ sudo ./scripts/deploy-nftables.sh /etc/nftables.conf
 |----------|-------------|
 | [SETUP.md](docs/SETUP.md) | Installation, template selection, and deployment |
 | [WIREGUARD_INTEGRATION.md](docs/WIREGUARD_INTEGRATION.md) | VPN setup with full DNS takeover |
-| [DOCKER_COMPATIBILITY.md](docs/DOCKER_COMPATIBILITY.md) | Chain preservation and custom rules |
-| [NAT_CONFIGURATION.md](docs/NAT_CONFIGURATION.md) | SNAT, DNAT, and port forwarding |
 | [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) | Common issues (Docker networking, VPN routing) |
 
 ## Requirements