HardPrime Makes Hardening Easy.
HardPrime’s Text User Interface puts all of the information you need, in-context, so you can make hardening decisions easily, and execute them.
Most Hardening is done in a terminal CLI command line session. Remembering flags and options, configuration settings can be quite complex and hard with a command line tool. Mistyping Rule IDs can be unforgiving.
Building elaborate script, recipes and playbooks can also be difficult to manage, when decisions change.
HardPrime takes the same terminal you have and paints an efficient Text User Interface, TUI, so you can keep track of all the options while concentrating on your choices… rather than the mechanics of typing flags and id’s correctly.
- HardPrime Lets You Use Your Expertise To Decide Why, Instead Of How?
- HardPrime’s TUI Keeps All Choices, All Research, All Selections, In-Context For Your Session
- HardPrime Eliminates Long Command Lines Full Of Detailed Rules IDs
- HardPrime Eliminates Complex Script, Recipes and Playbooks To Organize, Debug and Execute
Made for the Cloud
HardPrime knows the differences between cloud servers and bare-metal servers, and documents it all.
HardPrime is expressly designed for Hardening on the Cloud… instead of an afterthought.
- HardPrime doesn’t harden your floppy drive, when there isn’t one…
- HardPrime doesn’t modify your bootloader, when there isn’t one….
- HardPrime doesn’t ignore the special aspects of Cloud Servers.
- HardPrime does, mark these rules are Not Applicable Cloud, so your hardening policy is complete.
Declare any Rule as N/A Cloud, Not Applicable in the Cloud. HardPrime takes that direction and documents the Rule accordingly.
In Risk Assessment and Mitigation, you don’t need to Harden it, but you do need to declare it Risk-free in your Documentation.
HardPrime documents N/A Cloud selections in our Exception Report to make sure they are auditted correctly, in context of their Risk.
Decisions, Hardening, Reports… All In-Context
HardPrime keeps your scan results, your rule research, your hardening selections, your decisions made, your executed hardening instructions and your documentation reports, all in the same tool. They stay in-context to make complex information simpler to use.
- HardPrime Scans Your System, Keeping That Information In-Context
- HardPrime Provides Thousands of Rule Descriptions, In-Context
- HardPrime Remembers Your Hardening Selections, In-Context
- HardPrime Hardens To Your Custom Selections, In-Context
- HardPrime Generates Custom Reports To Document Your Policy, In-Context
Having decision support and research information at your fingertips during your hardening session, means less confusion over rules and rulesets.
Throughout HardPrime, research details are a keypress away. As you select your rules, build your hardening selection, full details including description, and hardening instructions to be applied are all available right in the terminal window, right in your hardening session.
Spend your time in HardPrime selecting exactly what you need, because support materials follow you through your decision process.
And when you’re ready, HardPrime takes your hard-fought decisions and performs the Hardening you need, exactly.
Need to Add or Subtract Rules To Make Your Application Work?
HardPrime allows you to create a custom policy from many rulesets and rules. Add, Subtract, Mix, Match Rules From Any RuleSet.
- Build Your Policy, Mix & Match, Subtract & Add Rules
- Tired of Pre-Hardened Images Breaking Your Solutions, HardPrime Builds An Image That Will Work
- Track Down & Remove That Problematic Hardening Rule For Your Application.
HardPrime gives you complete control of your hardening, rather than the pre-baked hardened solutions of the past.
Once you determine your needs, only harden Rules that let your solutions run. Mark any Rules as Manual hardening, and complete your Hardening session. Our documentation relieves those compliance worries, and now you only have to document custom configurations..
HardPrime allows you to build a selection of Rules to suit your needs, and they can be from any RuleSet we support.
You might try…
HIPAA combined with PCI-DSS for eCommerce & Healthcare. C2S combined with CCP, for Enterprise Cloud servers, and many more.
Subtract problematic Rules that need customized attention, add in other rules, whatever your needs dictate.
Making Shell Hardening Too (TUI) Easy
A Rich Windowed TUI “Text User Interface’, Because That’s What You Have To Work With When You’re Hardening, Bare Bones.
Rich Robust Interface in your SSH Terminal Windows, because you’re Hardening with HardPrime.
- When you start from scratch, all you have is a terminal, so HardPrime uses that.
- No memorizing and spelling Rule IDs in commands or scripts
- HardPrime lets you toggle rules with cursor keys and the spacebar.
Text User Interfaces are so “retro”, yet the process of Hardening headless server instances leaves little choice. A full Windowing GUI would have so many dependencies, it would be counterproductive.
At HardPrime, we built a tool that uses the logic of today’s interfaces and retro-fitted it to any terminal.
Our TUI, expands to fit any terminal window, zoom and resize to maximize HardPrime’s workspace. Cursor Keys, a spacebar and a few more give you all the functions you need.
Trust But Verify, Good Advice
HardPrime’s Integrated Scanner is Run Before & After Hardening, To Ensure Hardening Happens, As You Requested.
- Always Verify Results… Good advice for hardening or… for life, in general.
HardPrime includes a “Verify Scan” with every Rule it Hardens automatically. We like to think of them as “Before & After” Scanning, making sure, the action you asked for, is performed correctly.
Seems like a redundant step, but HardPrime ensures you have compliance, when you think you have compliance.
Four Steps To Compliance… Scan, Harden, Verify & Report
HardPrime Performs These Four Steps On Every Selection Ensuring Compliance.
HardPrime is Your AWS All-In-One Security Scanner, Security Hardener, Hardening Reference Manual with a Documentation Generator… integrated into your terminal for pennies.
- We Scan For Risks
- We Harden Your Selections
- We Verfiy Scan Your Selections For Risk
- We Report Your Selections, Before & After
With so many security tools only serving a portion of these needs, HardPrime does them all, together, in-context.
Other tools provide just Scanning, or just Hardening, while HardPrime integrates these functions to a seamless Hardening Session, to make sure you get the Hardened AMI you need.
- 4 Steps To Knowing
- 4 Steps To Compliance
- 4 Steps To Getting It Right
- 4 Steps To Confidence In Compliance
Build Your Compliance Policy & Reuse Golden Images
Think of HardPrime as a Golden Image Construction Kit. Because HardPrime makes it easy, you can build standard golden images, per application, per server function, per business unit, per environment… any way you need them.
Building Golden Images Easily means every instance, every environment is secure with HardPrime… including Non-Prod environments
NonProd environments are notoriously insecure because they don’t have to be, yet this makes server instances across environments different from each other, and that causes problems.
When making Hardening Golden Images becomes easy, you rely on them throughout your projects.
Simply Harden a server instance to your requirements, remove HardPrime, and take an AMI Image with AWS’s console or CLI.
Reuse this AMI image as a Golden Image, for each environment, each server instance, to ensure what works in nonprod, works in production.
- Ensure What Works in NonProd, Works In Production.
HardPrime Generates A ReportSite, Everytime For Compliance
HardPrime’s ReportSite generates compliance documentation every session. Simply import the HTML or Markdown and fold into your Compliance Policy.
HardPrime ReportSite is a portable website of custom generated reports designed to be used in-part or in-whole for your Security Documentation.
- Are You a MarkDown Repo Person or a Web Friendly Person… HardPrime Reports To both portable website HTML and Markdown formats for universal open usage.
- ReportSite provides reports to multiple audiences, including Results, Compliance, or Summary Reports.
- ReportSite renders inside the terminal window, it allow renders richly in any desktop web browser.
HardPrime’s ReportSite reports are a portable website that you can take with you back to your desktop. Browse these reports directly in the terminal or download them to your desktop.
This rich HTML report set includes easy navigation in a web browser. Send this zip’d website to anyone you need to share results with. HardPrime reports on every rule, every ruleset in HardPrime.
Some reports concentrate on what you’ve chosen, some concentrate on every rule available. All reports are available is HTML or MarkDown format, making it easy to import into any word processor for further customization.
HardPrime Makes Hardening Low Cost & High Quality
When considering your Hardening solution choices, consider the costs of alternatives to HardPrime.
In making Hardening choices, the largest cost is the valuable time of your technical team. Technical teams cost big-bucks in today’s marketplace, making their path easier and quicker easily justifies HardPrime’s costs.
With HardPrime we shift your experts’ attention from the mechanics of hardening to the decision making in Hardening Policy.
HardPrime focuses your team on the Why? rather than the How?, saving you money and time, while making your decision making better and well documented.
If Needed, HardPrime Removes Itself
When you are finished hardening, HardPrime can be turned off, or completely removed, easily, due to its small footprint.
HardPrime is provided in a small footprint, with minimized dependencies, so you can remove it.
- Turn HardPrime Off
- Remove HardPrime Completely
- Reinstall Anytime With Token
Hardened images need to be fully documented. Every application, every setting that varies from the “vanilla” operating system needs to be known, and documented.
HardPrime documents every instruction performed in the Hardening and documents it for you.
When all the Hardening is performed, you’ll probably want to remove the HardPrime additions too.
Our small footprint makes removal easy through a script. Removal and even Reinstallation are easy with HardPrime’s small footprint.
- Want It Gone When You’re Done… Easily Done
AutoUpdating Rules & Rulesets
HardPrime’s ConfigSync Auto Installer/Updater Will Make Sure You Have The Latest Tools & Data Every Session
- Stay Up-To-Date With The Latest Scanner Data
- Stay Up-To-Date With The Latest Hardening Methods
- Stay Up-to Date With The Latest Reports & Documentation
HardPrime’s ConfigSync updates itself to make sure you enjoy the latest innovations and definitions we offer.
When HardPrime starts, it ConfigSync updates itself, ensuring you have the very latest hardening innovations for your hardening session. Scanning definitions, Hardening definitions, Report resources, and new features are kept up-to-date from within HardPrime, for every hardening session.
Root User Insulated For Your Protection From Errors
HardPrime insulates itself against costly mistakes. It can only perform hardening rules, and has no buffer to overload.
Yes, when running HardPrime, you have ROOT access, so the largest danger is simply making a mistake. HardPrime’s TUI runs as a client, while its server daemon only performs hardening by rule-ID. No commands are issued directly, our hardening database is the only source of commands executed.
HardPrime Is Designed With Safety In Mind
Root access functions are insulated so no actions are performed accidentally.
HardPrime works the same way, our TUI Client only sends instruction names to be performed, so there is no danger of unintentional modifications. The client asks for rules and their definition, and then can only perform those rules, by name.
- This insulation help avoid making mistakes with super-user rights.
Hardening Decision Making Tool
HardPrime’s best feature is supporting your Hardening Decision Making, your Compliance Policy
- The Hardest Thing About Hardening, What Should We Harden?
HardPrime excels at helping you tame and decide which Rules to harden.
As more and more companies move to Cloud servers on AWS, the datacenter hardening discussions move there too, but the cloud is different.
Cloud servers don’t have floppy drivers to harden, or grub bootloaders, or the partition options that bare-metal datacenter servers have.
HardPrime lets you decide which Rules will be hardened automatically, which rules need to be hardened with a manual configuration, and which rules simply are not applicable on the cloud. Mark the rules as you need, and our reports keep track of your decisions for the documentation.
Hardening & Compliance Best Practices Onboard
HardPrime collects security standards and rulesets from community and industry resources, so you don’t have to. HardPrime uses industry SSG, OVAL, and SCAP resources, exclusively.
HardPrime keeps no secrets, every command issued, every scan done, every fix performed is transmitted to your server as a very-large open XML datafile.
Most try to users avoid the heavy XML of SSGs, SCAPs and OVALs required to harden a server, but we offer full transparency by publishing our Rule definitions on every server instance.
Our ReportSite documents where you can find these XML files for review. Remember, every line of code performed by HardPrime is clearly presented in HardPrime’s Terminal Client Help, as well as, in the ReportSite documentation generated by your hardening session.
- Standards Bodies Make SSGs, SCAPs and OVALs Impossible to Decipher, HardPrime Does It For You.
- Reduce The Complexity of Compliance Standards & Benchmarks, Just Select What You Need.
HardPrime Handles Special Edge Cases In Compliance With Manual Hardening
HardPrime helps you document special configurations. Mark a rule for Manual Hardening, and we’ll make sure it is documented as an exception case, and remind you to harden it.
- Make sure your special needs are subject to compliance.
At HardPrime, we know that some needs can’t be automated. These needs usually involve highly customized configurations. Using HardPrime, mark any special cases as Manual hardening, and HardPrime builds an exception list for you to harden manually.
Apache2 is a good example, HardPrime hardens it, by disabling it. This is perfect for most servers, except your webserver which is custom configured for your needs. On your webservers, mark it as Manual with HardPrime, we’ll remind you to document your configuration for compliance.
Some Rules Are Not Applicable to the Cloud
HardPrime balances Cloud needs with Datacenter needs. Compliance rules are written for the datacenter, and bare-metal. Mark Cloud exceptions as Not Applicable Cloud in HardPrime, and document your compliance correctly.
- HardPrime documents Cloud issues correctly
- HardPrime handles hardening rules that simply aren’t possible technically, but need to be addressed in your compliance policy.
The virtual nature of Cloud Instance Servers is quite different than the datacenter hardware that so much of the hardening technology references.
Rules governing floppy drive drivers, bootloader settings, or extended partitions are not really the same on the cloud. They are either missing entirely, or not a risk to manage.
HardPrime lets you mark these issues as N/A CLOUD so that your team understands these differences as risk that is documented in your reports.
AutoSave Makes Your Selections Interruption-Proof
Make decisions right inside HardPrime, we save every selection in case you’re interrupted.
Hardening Decisions can take time, research. Make those decision right inside the HardPrime interface, we’ll save your work.
- Saves Progress In Terminal
- Resilient to Restarts
- Resilient to Lost Connections
HardPrime makes sure your selections are saved in your Hardening Session because we want to make sure we hold onto your work regardless of the interruption, whether its losing a connection, logging out, or ending your workday. All of your choices remain saved regardless.
Hardening Starts With Research & Decisions
Don’t skip to the middle, an iterative research-selection-hardening-report cycle makes the most sense. HardPrime is designed to streamline these decisions, giving you in-context research, selections, hardening and reports.
Most teams skip to the middle when it comes to Hardening policy. Although HardPrime does the mechanics of Scanning, Hardening and Reporting very well, it also provides a context-based research tool, and a comprehensive ReportSite for your documentation.
Every Rule listed is backed by full information about…
- the Rationale,
- the Risk rating,
- the Complexity scoring, and
- the actual mitigation code performed… for your review.
As you build your selection, add and subtract during your research steps until you have exactly what your team wants, then HardPrime will harden your system for easy reuse in Golden Images.
Not Pre-Hardened Image Mysteries, Custom Hardening Chosen By You
When problems arise with Pre-Hardened Images, you can’t unwind what was hardened. With HardPrime, you can choose what works for your needs.
Pre-Hardened Images Are Mystery…
- How did they harden it?
- What if I want to undo something they did?
HardPrime gives you a blank slate, and you choose every Rule, with full decision support, full reporting, eliminating all mysteries in your hardening policy.,
Your HardPrime Hardened Images will be fully documented, so you don’t build a mystery for your team.
Make your own choices, don’t let someone make them for you. Some mysterious engineer making choices about Hardening, and building a mystery server for you.
- How’d they do it?
- What did they choose on your behalf.
Take control with HardPrime, make your own choices.
Reports for Every Audience of Your Team
HardPrime’s ReportSite is a portable package of reports for your Hardening session. It is organized into a portable HTML website with both formatted HTML and Markdown Text files.
HardPrime includes a separate report for every team member you have. Summaries for Management or Decision Makers, Results Detail for your engineers, and Complete Digests for Your Security and Compliance Teams. All easily navigated in a rich HTML5 website.
- Navigate your ReportSite right in the terminal
- Download a portable website zip file, for use with any rich desktop browser.
- Use HTML or MarkDown copies in your documentation, easily.
Import these reports into your favorite word processor and include them in documentation or policy statements.
HardPrime’s ReportSite is designed to communicate your compliance.
HardPrime Has Thousands of Rules, Thousand of Manual Pages To Match
HardPrime takes very large manuals of Hardening Rules, and breaks them down, in-context for each rule you view or select. A keypress gives you the in-context page of information you need now.
HardPrime contains thousands of Rules within its RuleSets from HIPAA, C2S, NIST and more.
- Press the ?, on any rule in HardPrime, and the Manual page appears, in-context, right in the terminal.
Instead of dropping these thousands of pages on your desktop, each is available on-demand, in the terminal, when you’re deciding your hardening policy.
In context, just-in-time, only when you need them, makes decision making with HardPrime painless.
Easy Embedded Billing, No Approval Needed, No Separate Billing for HardPrime
HardPrime uses the AppStore ecosystem on each Cloud Provider for billing.
Visit the Marketplaces in AWS, Azure or Google Cloud Platform, and a single click licenses HardPrime. It’s bundled and itemized in your cloud billing.
There’s no need to block your team’s progress with billing details and accounting hassles, HardPrime is cloud-billing friendly.
Currently, we don’t support datacenter licensing, but hope to in the future.
Your Operating System is Up HardPrime’s Alley
At HardPrime, we’re always adding Operating System choices to our list of images.
HardPrime was designed to be as agnostic as possible while containing very OS specific rules and rulesets.
- Be sure to check here at HardPrime.com for the latest additions to the list.
- Be sure to drop us a request, we hope to serve options in-demand first.