From 1394cf92f8156f64ad37bb79a15466172ff2adb2 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 28 Feb 2019 01:31:40 +0100 Subject: [PATCH] minor updates - signed-off-by: trimstray --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index b0c7b72..a10601f 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,8 @@ Simply speaking, hardening is the process of making a system more secure. Out of The process of hardening servers involves both IT ops. and security teams and require changes to the default configuration according to industry benchmarks. +Also for me hardening is the fine art of doing the right things, even if they in itself don't always look to be having a big impact. It's always a balance between ease of use and protection. + You need to harden your system to protect your assets as much as possible. Why it's important? Please read a great and short article that [explains hardening process](https://linux-audit.com/linux-server-hardening-most-important-steps-to-secure-systems/) step by step by [Michael Boelen](https://michaelboelen.com/). ### How to hardening Linux? @@ -108,6 +110,14 @@ On the other hand these standards are complicated (for newbies difficult to impl > You should use a rational approach because more is not better. Each environment is different so security rules should all work in theory, but sometimes it not works as well. +Hardening is not a simple process. Each of us must devote a lot of time to it. Here are the general rules that just follow the common best practices: + +- never use root account for anything that does not require it +- only sudo individual commands or for a short time +- never let a server running as root (except for its initialization time...) and ensure that it leaves all unnecessary privileges before accepting requests +- secure your firewall the best you can and forbid all unnecessary accesses +- do not install unnecessary or non controlled software + ### Which distribution should be used? This guide is being written and tested on **Red Hat Enterprise Linux 7** and **CentOS 7** distributions because: