AI for DevOps Security & Hardening
Use AI to review infrastructure security, harden Linux servers, detect risky commands, audit CI/CD pipelines, and improve production safety.
Prompts
- Intermediate
Audit & Logging Policy Design Prompt
Design a defensible audit-logging policy — what security events to capture, tamper-resistant retention, and high-value detection signals — so you can answer 'who did what, when' during an incident.
- Claude
- ChatGPT
- Advanced
auditd Rule-Set Design Prompt
Design a focused, low-noise Linux auditd rule-set that captures the events that actually matter for forensics and compliance without drowning the audit log in irrelevant syscalls.
- Claude
- ChatGPT
- Intermediate
Bastion / Jump-Host Hardening Review Prompt
Review a bastion/jump host for excess exposure and weak controls, then harden it into a minimal, heavily logged, single-purpose gateway with session recording and tight forwarding rules.
- Claude
- ChatGPT
- Advanced
CIS Benchmark Compliance Assessment Prompt
Interpret CIS Benchmark scan results for Linux hosts or Kubernetes, prioritize the findings that matter, and produce safe remediation with rollback — without breaking workloads chasing a perfect score.
- Claude
- ChatGPT
- Advanced
Cloud IAM Privilege-Escalation Path Review Prompt
Audit cloud IAM for privilege-escalation paths and missing permission boundaries — finding the chained permissions that let a low-privilege identity become admin — and harden them.
- Claude
- ChatGPT
- Intermediate
Container Image Vulnerability Scan Triage Prompt
Turn noisy Trivy/Grype container image scan output into a prioritized, actionable remediation plan — separating reachable, fixable CVEs from base-image noise and false positives.
- Claude
- ChatGPT
- Intermediate
Dependency CVE Triage & Prioritization Prompt
Turn a noisy dependency vulnerability scan into a ranked, actionable remediation plan using reachability, exploitability, and exposure — instead of chasing every red CVE.
- Claude
- ChatGPT
- Intermediate
DNS Security & Resolver Hardening Review Prompt
Review DNS posture for DNSSEC validation gaps, open/recursive resolver exposure, and missing encrypted transport, then harden resolvers and zones against spoofing and exfiltration.
- Claude
- ChatGPT
- Advanced
Egress Filtering & Outbound Control Policy Prompt
Design a default-deny egress policy that controls outbound traffic from servers and clusters — allowlisting required destinations, proxying egress, and detecting exfiltration and C2 beaconing.
- Claude
- ChatGPT
- Intermediate
fail2ban Brute-Force Protection Tuning Prompt
Review and tune fail2ban jails to stop credential-stuffing and brute-force attempts without locking out legitimate users, with sane bantimes, allowlists, and persistent banning.
- Claude
- ChatGPT
- Intermediate
File Integrity Monitoring with AIDE/Tripwire Prompt
Design and tune a file integrity monitoring deployment (AIDE or Tripwire) that detects tampering of critical files while staying quiet about expected churn like logs, caches, and package updates.
- Claude
- ChatGPT
- Intermediate
Firewall & Network Egress Hardening Review Prompt
Audit and tighten host and cloud firewall rules — nftables/iptables, security groups, NACLs — toward default-deny ingress and controlled egress, eliminating overly broad 0.0.0.0/0 exposure.
- Claude
- ChatGPT
- Advanced
Kubernetes Pod Security Standards Review Prompt
Review a Kubernetes cluster's workloads against the Pod Security Standards (baseline/restricted) and produce a phased enforcement plan that won't break running apps.
- Claude
- ChatGPT
- Advanced
Kernel Lockdown & Secure Boot Hardening Prompt
Review and harden a Linux host's boot-chain integrity — Secure Boot, kernel lockdown mode, and module signing — so unsigned or malicious code cannot load into the kernel.
- Claude
- ChatGPT
- Advanced
Least-Privilege IAM Policy Review Prompt
Right-size over-permissioned cloud IAM — strip wildcard actions, scope resources, eliminate privilege-escalation paths, and replace static keys with short-lived roles, using actual usage data.
- Claude
- ChatGPT
- Advanced
mTLS Service-to-Service Authentication Design Prompt
Design mutual-TLS authentication between internal services — certificate issuance, rotation, trust domains, and enforcement — so workloads prove identity to each other under a default-deny model.
- Claude
- ChatGPT
- Advanced
nftables Firewall Ruleset Review & Rewrite Prompt
Audit a messy iptables/nftables ruleset for gaps, shadowed rules, and default-allow leaks, then produce a clean, default-deny nftables rewrite with stateful tracking and logging.
- Claude
- ChatGPT
- Intermediate
PAM & MFA Authentication Policy Review Prompt
Review a Linux host's PAM stack and multi-factor configuration to close authentication gaps — weak password policy, missing MFA, lockout bypasses, and dangerous module ordering.
- Claude
- ChatGPT
- Beginner
Reverse-Proxy Security Headers Audit Prompt
Audit a reverse proxy (nginx, Caddy, HAProxy, Traefik) for missing or weak HTTP security headers — CSP, HSTS, frame/content-type protections — and produce a hardened, app-aware configuration.
- Claude
- ChatGPT
- Beginner
Risky Shell Command & Script Review Prompt
Review shell commands, scripts, and pasted one-liners for destructive or unsafe behavior before running them — flagging data loss, privilege misuse, and remote-pipe-to-shell patterns.
- Claude
- ChatGPT
- Advanced
Rootkit & IOC Detection Triage Prompt
Run a structured, defensive triage of a possibly-compromised Linux host — checking for rootkits and indicators of compromise — and decide between false alarm, contain, or full incident response.
- Claude
- ChatGPT
- Advanced
SBOM & Sigstore Supply-Chain Verification Prompt
Stand up artifact provenance and signature verification — generate SBOMs, sign with Sigstore/cosign, attach SLSA provenance, and enforce admission policies that reject unsigned or untrusted builds.
- Claude
- ChatGPT
- Intermediate
Secrets-in-Git History Scanning & Remediation Prompt
Scan a Git repository's full history for leaked secrets and produce a correct remediation plan — rotate first, then purge history and prevent recurrence — without the usual mistakes.
- Claude
- ChatGPT
- Intermediate
Secrets Rotation Runbook Builder Prompt
Design safe, zero-downtime rotation procedures for credentials, API keys, and certificates — covering dual-key overlap, blast-radius mapping, and verification, including emergency rotation after a leak.
- Claude
- ChatGPT
- Intermediate
SOC2 & CIS Evidence-Gathering Automation Prompt
Design automation that continuously collects, timestamps, and stores audit evidence mapped to SOC2 and CIS controls — replacing the last-minute screenshot scramble before an audit.
- Claude
- ChatGPT
- Advanced
SSH Certificate Authority Access Design Prompt
Design an SSH CA-based access model that replaces sprawling authorized_keys with short-lived signed certificates, principals-based authorization, and clean revocation.
- Claude
- ChatGPT
- Intermediate
TLS & Certificate Hardening Review Prompt
Audit TLS configuration and certificate lifecycle across endpoints — protocol/cipher selection, cert chain and expiry, OCSP/HSTS, and mTLS — to close weak-crypto and expired-cert exposure.
- Claude
- ChatGPT
- Intermediate
WireGuard VPN Hardening Review Prompt
Review a WireGuard (or legacy VPN) configuration for weak peer scoping, over-broad AllowedIPs, missing key rotation, and routing leaks, then harden it to least-privilege access.
- Claude
- ChatGPT
- Advanced
Zero-Trust Micro-Segmentation Planning Prompt
Plan network micro-segmentation toward a zero-trust model — map flows, define identity-based segments, and design enforcement with default-deny east-west policies.
- Claude
- ChatGPT
- Intermediate
CI/CD Secret Exposure Review Prompt
Audit GitHub Actions, GitLab CI, CircleCI, or Jenkins pipelines for secret leaks — logged secrets, exfiltration via unscoped tokens, third-party action risks.
- Claude
- ChatGPT
- Cursor
- Beginner
Dockerfile Security Review Prompt
AI security review of a Dockerfile — privilege, attack surface, secrets in layers, vulnerable bases, supply-chain risk.
- Claude
- ChatGPT
- Cursor
- Intermediate
Linux Server Hardening Prompt
Walk an AI through a CIS-style hardening review of a Linux server — services, users, SSH, kernel parameters, file permissions — with safe, ordered remediation.
- Claude
- ChatGPT
- Beginner
SSH Security Audit Prompt
Audit sshd_config, authorized_keys, and SSH client config — flag insecure defaults, weak algorithms, missing controls.
- Claude
- ChatGPT
- Intermediate
Sudoers & Systemd Services Review Prompt
AI review of /etc/sudoers (and /etc/sudoers.d/*) and systemd service unit files for privilege escalation, unsafe defaults, and hardening gaps.
- Claude
- ChatGPT