https://www.nsa.gov/ia/_files/factsheet ... t-i731.pdf
Linux Hardening Tips
2 posts
• Page 1 of 1
Linux Hardening Tips
by hari » Wed Dec 10, 2014 2:50 pm
- hari
- Posts: 0
- Joined: Thu Aug 07, 2014 11:53 am
Re: Linux Hardening Tips
by SIbinPhilip » Wed Jan 21, 2015 11:37 am
Hi,
Here are some tips for hardening your Server.
1. Encrypt Data Communication with password or using keys / certificates.
2. Minimize Software to Minimize Vulnerability. Remove unwanted packages from your system.
3. One Network Service Per System or VM Instance.
4. Keep Linux Kernel and Software Up to Date.
5. Use Linux Security Extensions. Selinux
6. User Accounts and Strong Password Policy like password aging, Restricting Use of Previous Passwords, Locking User Accounts After Login Failures, Verify No Accounts Have Empty Passwords and Make Sure No Non-Root Accounts Have UID Set To 0.
7. Disable root Login
8. Physical Server Security
9. Disable Unwanted Services
10. Delete X Windows , as it is not required in the server.
11. Configure Iptables and TCPWrappers
12. Separate Disk Partitions
13. Turn Off IPv6
14. Disable Unwanted SUID and SGID Binaries
15. Use A Centralized Authentication Service
16. Secure OpenSSH Server
17. Protecting Files, Directories and Email.
18. Keep /boot as read-only
19. Monitor User Activities
20. Disable Ctrl+Alt+Delete in Inittab.
Hope this might be helpfully.
Here are some tips for hardening your Server.
1. Encrypt Data Communication with password or using keys / certificates.
2. Minimize Software to Minimize Vulnerability. Remove unwanted packages from your system.
3. One Network Service Per System or VM Instance.
4. Keep Linux Kernel and Software Up to Date.
5. Use Linux Security Extensions. Selinux
6. User Accounts and Strong Password Policy like password aging, Restricting Use of Previous Passwords, Locking User Accounts After Login Failures, Verify No Accounts Have Empty Passwords and Make Sure No Non-Root Accounts Have UID Set To 0.
7. Disable root Login
8. Physical Server Security
9. Disable Unwanted Services
10. Delete X Windows , as it is not required in the server.
11. Configure Iptables and TCPWrappers
12. Separate Disk Partitions
13. Turn Off IPv6
14. Disable Unwanted SUID and SGID Binaries
15. Use A Centralized Authentication Service
16. Secure OpenSSH Server
17. Protecting Files, Directories and Email.
18. Keep /boot as read-only
19. Monitor User Activities
20. Disable Ctrl+Alt+Delete in Inittab.
Hope this might be helpfully.
- SIbinPhilip
- Posts: 0
- Joined: Tue Nov 25, 2014 12:01 pm
2 posts
• Page 1 of 1
