Skip to content

DraumVisker/Linux-System-Hardening-CheckList

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 

Repository files navigation

Physical System Hardening
  • Prevent others to access your servers
  • Configure BIOS
    • Disable booting from CD/DVD and External Devices
    • Setup BIOS password
  • Protect GRUB with password
  • Disable USBs and Input Devices in OS-COnfiguration
    • /etc/modprobe.d/no-usb
Configure SSH connections
  • Use key-based authentication instead of password-based authentication.
  • Restrict SSH access from certain known IPs only
  • Disable root login
    • Set PermitRootLogin no in /etc/ssh/sshd_config
  • Set Protocol 2 in /etc/ssh/sshd_config
  • Users with the appropriately configured access level should be allowed to login
Disable Unnecessary Services & Ports
  • Take down unnecessary open ports can quickly reduce the attack surface
  • Lockdown Cronjobs
    • /etc/cron.allow and /etc/cron.deny
Activate Firewall
  • Restrict access to Linux's services
    • Define policies
  • Block unwanted connections
    • Zero Trust network

Strong Password Policies

  • At least 18 characters that include lowercases, Uppercases, Numbers and Special Characters
Remove Unnecessary Packages
  • Minimize Packages to Minimize Vulnerability
    • chkconfig
Keep Kernel and Packages Updated
Disable ICMP (or Limit Access)
  • Ping sweep (to prevent identify hosts on a network)
  • Ping flood (to prevent ICMP flood attack)
  • ...
Logging and Auditing
  • Detect any attempted intrusions
  • Help to inspect the occurred breach
Turn Off IPv6
  • To reduce attack surface
    • /etc/sysconfig/network
Separate Disk Partitions
  • Keep partitions separated and grouped. It can helps decrease the radius of any attack
Regular Backups
  • An off-site backup of your server can help you quickly recover any lost machines due to intrusion or attack
Automated Threat and Compliance Monitoring Tools
  • IPS / IDS
    • Snort
    • Suricata
    • ...

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published