CSEC_PUBLIC/How-To-Secure-A-Linux-Server
1
0
Fork 0
mirror of https://github.com/imthenachoman/How-To-Secure-A-Linux-Server.git synced 2025-12-06 17:22:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

cleaned up to do list

Browse Source 
- removed completed items
- removed port knockers and knockd as those are more pain than good
This commit is contained in:
IMTheNachoMan
2019-03-07 23:21:35 -05:00
parent 051ad09119
commit 2546e6c3c5
1 changed files with 0 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -111,27 +111,17 @@ There are many guides provided by experts, industry leaders, and the distributio
### To Do / To Add
- [ ] [Custom Jails for Fail2ban](#custom-jails)
- [x] [Linux Kernel sysctl Hardening](#linux-kernel-sysctl-hardening)
- [ ] Security-Enhanced Linux / SELinux - https://en.wikipedia.org/wiki/Security-Enhanced_Linux, https://linuxtechlab.com/beginners-guide-to-selinux/, https://linuxtechlab.com/replicate-selinux-policies-among-linux-machines/, https://teamignition.us/how-to-stop-being-a-scrub-and-learn-to-use-selinux.html
- [ ] disk encryption
- [x] BIOS password
- [ ] Anti-Virus
- [x] use ed25519 keys instead of RSA for SSH public/private keys
- [x] psad
- [x] unattended upgrades for critical security updates and patches
- [x] logwatch
- [ ] Rkhunter and chrootkit
- [ ] AppArmor
- [ ] port knockers for SSH - https://news.ycombinator.com/item?id=19181829, https://www.reddit.com/r/linuxadmin/comments/arx7xo/howtosecurealinuxserver_an_evolving_howto_guide/egropaw/
- [ ] https://linux-audit.com/linux-system-hardening-adding-hidepid-to-proc/
- [ ] https://likegeeks.com/secure-linux-server-hardening-best-practices/#Secure-Mounted-Filesystems
- [ ] shipping/backing up logs - https://news.ycombinator.com/item?id=19178681
- [ ] Tripwire - https://news.ycombinator.com/item?id=19180856
- [ ] MAC (Mandatory Access Control) and Linux Security Modules (LSMs)
- [x] CIS hardening guidelines and benchmarks @ https://www.cisecurity.org/cis-benchmarks/
- [ ] Knockd - https://www.reddit.com/r/linuxadmin/comments/arx7xo/howtosecurealinuxserver_an_evolving_howto_guide/egswikz/
- [ ] securing NTP - https://www.reddit.com/r/linuxadmin/comments/arx7xo/howtosecurealinuxserver_an_evolving_howto_guide/egqc160/
- [x] `netstat -nlp` - https://www.reddit.com/r/linux/comments/arx7st/howtosecurealinuxserver_an_evolving_howto_guide/egrib6o/
([Table of Contents](#table-of-contents))