This looks interesting:
“They somewhat implement security-misc” but using a different approach as far as I can see after looking into it for 10 minutes. harbian-audit audits and shows if hardening settings are missing or applies the hardening settings using a script. security-misc sets security settings through settings files. The latter approach may be less flexible (we don’t have hardening levels - only different packages) but imo easier to review and maintain and more suitable for installation in a Debian derivative by default.
Do you think you could have a look at it?
Specifically this folder:
harbian-audit/bin/hardening at master · hardenedlinux/harbian-audit · GitHub
They have a lot of stuff we’re doing already (such as restrict su), but some things they may do differently (better?) than we do and we might not have considered some things they are doing. Could be a rich source of security hardening inspiration.