**security-hardening**

Infrastructure security, CIS benchmarks, and vulnerability scanning.

Install (run this command in your terminal to install the skill):

```sh
git clone https://github.com/timequity/vibe-coder /tmp/vibe-coder && cp -r /tmp/vibe-coder/skills/infra/security-hardening ~/.claude/skills/vibe-coder/
```
SKILL.md

```yaml
---
name: security-hardening
description: Infrastructure security, CIS benchmarks, and vulnerability scanning.
---
```
# Security Hardening

## CIS Benchmarks

### AWS

- Enable CloudTrail in all regions
- Enable VPC Flow Logs
- Disable root account access keys
- Enable MFA for root and IAM users
- Encrypt EBS volumes

### Kubernetes

- Enable RBAC
- Use Network Policies
- Run as non-root
- Read-only root filesystem
- Resource limits
## Pod Security

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app   # added: a Pod manifest is rejected without metadata.name
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000
  containers:
    - name: app
      image: myapp:latest   # added: every container needs an image
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop:
            - ALL
```
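To make the Kubernetes checklist and the Pod Security settings above enforceable before a manifest reaches a cluster, here is an added example (not code from the skill or the vibe-coder project) that audits an already-parsed Pod manifest for non-root execution, no privilege escalation, a read-only root filesystem, all capabilities dropped, and CPU/memory limits. The manifest is a constructed sample with a compliant `app` container and a deliberately non-compliant `sidecar`; `audit_pod` and `SAMPLE_POD` are names chosen for this example.

```python
"""Static audit of a Pod manifest against the hardening checklist."""

# Constructed sample manifest, already parsed (e.g. by a YAML loader) into a dict.
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "app"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 1000},
        "containers": [
            {"name": "app", "image": "myapp:latest",
             "securityContext": {"allowPrivilegeEscalation": False,
                                 "readOnlyRootFilesystem": True,
                                 "capabilities": {"drop": ["ALL"]}},
             "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}},
            # Non-compliant on purpose: runs as root, no hardening, no limits.
            {"name": "sidecar", "image": "busybox",
             "securityContext": {"runAsUser": 0}},
        ],
    },
}


def audit_pod(pod):
    """Return findings as (container, rule) tuples; an empty list means all checks pass."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings = []
    # initContainers get the same scrutiny: they run with the same privileges.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        # Container-level securityContext overrides pod-level for overlapping fields.
        sc = {**pod_sc, **c.get("securityContext", {})}
        name = c.get("name", "<unnamed>")
        if sc.get("runAsNonRoot") is not True or sc.get("runAsUser") == 0:
            findings.append((name, "run as non-root"))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation must be false"))
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((name, "readOnlyRootFilesystem must be true"))
        drops = {d.upper() for d in sc.get("capabilities", {}).get("drop", [])}
        if "ALL" not in drops:
            findings.append((name, "capabilities must drop ALL"))
        limits = c.get("resources", {}).get("limits", {})
        if not ("cpu" in limits and "memory" in limits):
            findings.append((name, "cpu and memory limits required"))
    return findings


if __name__ == "__main__":
    for container, rule in audit_pod(SAMPLE_POD):
        print(f"{container}: {rule}")
```

Wire this into CI next to the `kubesec scan` step so a manifest that regresses on any rule fails the pipeline.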
## Network Security

```yaml
# Network Policy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-policy
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - port: 8080
```

Listing `Egress` under `policyTypes` with no `egress` section denies all outbound traffic from the selected pods, including DNS; add explicit egress rules (at minimum to the cluster DNS service on port 53) if the pods need to reach anything. A bare `podSelector` in `from` matches only pods in the policy's own namespace.
## Secrets Management

```yaml
# External Secrets Operator
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-secrets
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: ClusterSecretStore
  target:
    name: app-secrets
  data:
    - secretKey: database-url
      remoteRef:
        key: prod/database
        property: url
```
## Scanning

```sh
# Container scanning
trivy image myapp:latest
# To fail a CI job on serious findings only:
trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:latest

# IaC scanning
tfsec .
checkov -d .

# Kubernetes scanning
kubesec scan pod.yaml
```
Repository: timequity/vibe-coder/skills/infra/security-hardening
Author: timequity