Linux Hardening - what are you must-haves? (infosec.pub)

submitted 1 year ago by wop@infosec.pub to c/cybersecurity@infosec.pub

8 comments fedilink hide all child comments

I'm working on a guide focused on securing Linux servers and I'd like to ask you what your essential hardening techniques and tips are? Your feedback would be greatly appreciated

you are viewing a single comment's thread
view the rest of the comments

[-] cron@feddit.de 3 points 1 year ago

Not a full list, just some ideas for personal servers.

Make sure that only the services are exposed that you want to have exposed. For example, a webserver with PHP and mariadb probably does not need to have mariadb reachable from the network.
Check the default config of all the programs you install. The default is often not the most secure option.
Have secure authentication on every service on the server. Change all the default passwords.
DO NOT disable security features like selinux.
Document your setup, the specific changes you made and make and test backups.

Please be aware that the requirements in a business environment might be different.

this post was submitted on 05 Nov 2023

22 points (100.0% liked)

cybersecurity

3231 readers

1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub