Fortify

Fortify is a Linux hardening tool that scans for weak configs, applies fixes, and gamifies security with badges, ranks, and GitHub Octocat approval.

Comment

Inspiration

When I first started running Linux on my personal machine for projects, I ran into many issues and even came close to being hacked due to weak SSH settings. That pushed me to research the pros and cons of running Linux-based software. I realized that many beginners run Linux with insecure defaults, so I built Fortify — an automation tool that scans, fixes, and protects systems while making security fun.

What it does

Fortify scans your Linux system for insecure configurations (e.g., SSH root login, firewall, updates, user/group settings, world-writable files). It applies safe fixes, generates reports, and rewards you with scores, badges, and GitHub Octocat approval. By turning system hardening into a game, it keeps users engaged while improving their security posture.

How we built it

  • Bash scripts for system checks and fixes
  • Profiles (default, server) to customize scans
  • Auto-fix functions with backup safety
  • Reports in JSON + HTML (auto-open in browser)
  • Gamification layer with XP, badges, and Octocat integration
    ## Challenges we ran into
  • Balancing automation vs. safety — not every fix should auto-apply
  • Debugging strict Bash errors (set -euo pipefail, missing fi)
  • Designing a tool that’s both serious and playful
  • Packaging scripts so anyone can install and run them easily
    ## Accomplishments that we're proud of
  • Built a one-command Linux hardening tool
  • Added gamified reporting to make security engaging
  • Integrated GitHub Octocat approval for a fun, developer-friendly touch
  • Turned personal frustration into a solution that helps others
    ## What we learned
  • Linux security fundamentals: SSH configs, firewalls, permissions, updates
  • Bash scripting best practices and error handling
  • The importance of UX, even in security tools
  • How to gamify learning to keep users motivated
    ## What's next for Fortify
  • Add more checks (Docker security, kernel configs, cloud VMs)
  • Expand gamification with levels, streaks, and leaderboards
  • Package for npm and Docker Hub for easier installation
  • Build a simple web dashboard to view reports across multiple machines
Share this project:

Updates