Bargawiki

User Tools

Site Tools

Trace: processors management_tools types linux configuration
servers:configuration

Linux Hardening Guide

1. Keep the System Updated

Regularly update the operating system and installed packages using package managers like:

Debian/Ubuntu: sudo apt update && sudo apt upgrade

RHEL/CentOS: sudo yum update

Arch Linux: sudo pacman -Syu

Enable automatic updates when possible.

2. Minimize Installed Packages

Remove unnecessary packages and services to reduce vulnerabilities.

Use apt purge, yum remove, or pacman -Rns to uninstall unused software.

3. User and Access Control

Disable root login and use sudo for administrative tasks.

Set strong passwords and enforce password policies.

Use the principle of least privilege (POLP) for user accounts.

4. Secure SSH

Change the default SSH port (e.g., from 22 to another port in /etc/ssh/sshd_config).

Disable root login via SSH (PermitRootLogin no).

Enable key-based authentication and disable password authentication (PasswordAuthentication no).

Use firewall rules to restrict SSH access (e.g., using iptables or ufw).

5. Configure a Firewall

Use iptables, firewalld, or ufw to manage firewall rules.

Allow only necessary inbound and outbound traffic.

Example: sudo ufw allow 22/tcp (if using SSH on port 22).

6. Implement Security Modules

Enable SELinux (on RHEL-based systems) or AppArmor (on Debian-based systems) for mandatory access control.

Example:

Check SELinux status: sestatus

Enable AppArmor: sudo systemctl enable apparmor

7. Monitor and Log Activities

Enable and configure system logging using rsyslog or journalctl.

Use tools like auditd for detailed auditing.

Regularly review logs in /var/log/ for suspicious activity.

8. Use Intrusion Detection and Prevention Systems

Install and configure tools like:

Fail2Ban to block brute-force attacks.

AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring.

9. Encrypt Data and Communications

Use LUKS for disk encryption.

Ensure sensitive communications use TLS/SSL (e.g., HTTPS, OpenVPN).

Secure sensitive files with GPG encryption.

10. Backup and Disaster Recovery

Regularly back up important files and system configurations.

Use tools like rsync, tar, or Timeshift for backups.

Store backups securely and test recovery procedures periodically.

Conclusion

Following these hardening steps will significantly improve the security of a Linux system. Security is an ongoing process, so regular monitoring and updates are essential to maintaining a secure environment.

servers/configuration.txt · Last modified: 2025/02/25 15:58 by 85.219.17.206