Hardening
Security hardening checklist for the RavenmaskOS host and services.
Host Hardening
- Keep macOS and Colima up to date.
- Enable disk encryption.
- Restrict inbound ports to only required services.
- Use strong passwords and SSO for all web interfaces.
Container Hardening
- Avoid running containers as root unless required.
- Mount secrets read-only where possible.
- Limit container privileges (e.g., no-new-privileges).
- Pin image versions for production services.
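
One way to check the four container items above against running containers. This is an added example, not part of the RavenmaskOS project. It assumes Colima is running the Docker runtime and that the input is the JSON from `docker inspect`; the sample data, the container names and the secret-path hints are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from a real host).
SAMPLE = json.loads("""[
 {"Name": "/web", "Config": {"User": "", "Image": "nginx:latest"},
  "HostConfig": {"Privileged": false, "SecurityOpt": null},
  "Mounts": [{"Destination": "/run/secrets/api_key", "RW": true}]},
 {"Name": "/api", "Config": {"User": "10001:10001", "Image": "example/api:1.4.2"},
  "HostConfig": {"Privileged": false, "SecurityOpt": ["no-new-privileges:true"]},
  "Mounts": [{"Destination": "/run/secrets/db_pass", "RW": false}]}
]""")

SECRET_HINTS = ("/run/secrets", "secret")  # assumption: how secret mounts are named

def unpinned(image):
    """True when the image reference has no digest and no tag, or the tag 'latest'."""
    if "@sha256:" in image:
        return False
    last = image.rsplit("/", 1)[-1]  # drop the registry host:port part, if any
    tag = last.split(":", 1)[1] if ":" in last else ""
    return tag in ("", "latest")

def audit(container):
    """Return the checklist findings for one inspected container."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    # An empty Config.User means the container process runs as UID 0.
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged")
    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false") for o in opts):
        findings.append("no-new-privileges not set")
    for m in container.get("Mounts") or []:
        dest = m.get("Destination", "")
        if m.get("RW") and any(h in dest.lower() for h in SECRET_HINTS):
            findings.append(f"secret mount writable: {dest}")
    if unpinned(cfg.get("Image", "")):
        findings.append("image not pinned")
    return findings

def audit_all(containers):
    """Map container name to its list of findings."""
    return {c.get("Name", "?").lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

To run it against a live host, replace `SAMPLE` with the parsed output of `docker inspect $(docker ps -q)`.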
Operational Hardening
- Enable automated backups and test restores.
- Monitor for failed logins and suspicious activity.
- Rotate credentials on a fixed cadence.
- Document incident learnings and apply fixes.