diff --git a/README.md b/README.md index 1e17163..7862754 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,8 @@

"Did you know all your doors were locked?" - Riddick (The Chronicles of Riddick)

+
+

+:collision: Work in progress, just a moment... First, I update a [Table Of Content](#table-of-content). + **** -Work in progress, just a moment... +## Table Of Content + +- [Checklist - document the host information](#checklist-document-the-host-information) +- [Pre install tasks](#pre-install-tasks) + * [Physical system security](#physical-system-security) + + [BIOS protection](#bios-protection) + * [Partitioning scheme](#partitioning-scheme) + * [Hard disk encryption](#hard-disk-encryption) + * [Bootloader configuration](#bootloader-configuration) +- [Post install tasks](#post-install-tasks) + * [Keep system updated](#keep-system-updated) + * [Package management](#package-management) + + [Remove packages with known issues](#remove-packages-with-known-issues) + * [Netfilter ruleset](#netfilter-ruleset) + * [TCP wrapper](#tcp-wrapper) + * [Users and groups](#users-and-groups) + + [Limit su access](#limit-su-access) + + [Disable root account](#disable-root-account) + + [Logins to system console](#logins-to-system-console) + + [Disable shell accounts](#disable-shell-accounts) + + [Strong password policy](#strong-password-policy) + + [Password aging](#password-aging) + + [Previous passwords](#previous-passwords) + + [Login failures](#login-failures) + * [System path permissions](#system-path-permissions) + + [World writable files](#world-writable-files) + * [Disk partitions](#disk-partitions) + + [Secure /tmp and /var/tmp](#secure-tmp-and-var-tmp) + + [Disk quotas](#disk-quotas) + * [PAM module](#pam-module) + * [Limits](#limits) + * [Shadow passwords](#shadow-passwords) + * [Linux kernel hardening](#linux-kernel-hardening) + * [Kernel parameters](#kernel-parameters) + + [Improve network security](#improve-network-security) + + [Improve system security](#improve-system-security) + * [Remove unused modules](#remove-unused-modules) + * [Secure shared memory](#secure-shared-memory) + * [IRQ balance](#irq-balance) + * [Disable compilers](#disable-compilers) + * [Email notifications](#email-notifications) + * [Backups](#backups) +- [Tools](#tools) + * [Logging and Auditing](#logging-and-auditing) + + [Auditd](#auditd) + + [Tiger](#tiger) + + [Aide](#aide) + + [Logwatch](#logwatch) + * [Other](#other) + + [Fail2ban](#fail2ban) + + [PSAD](#psad) + + [SELinux](#selinux) + + [Centralized authentication service](#centralized-authentication-service) + * [Testing tools](#testing-tools) + + [Lynis](#lynis) + + [Chrootkit](#chrootkit) +- [Hardening Services](#hardening-services) + * [Disable all unnecessary](#disable-all-unnecessary) + * [System services](#system-services) + + [OpenSSH](#openssh) + + [NTP](#ntp) + + [Cron](#cron) + + [Anacron](#anacron) + * [DNS services](#dns-services) + + [Bind9](#bind9) + * [Mail services](#mail-services) + + [Postfix](#postfix) + * [Web services](#web-services) + + [Nginx](#nginx) + + [Apache](#apache) +- [Testing configuration](#testing-configuration) +- [External resources](#external-resources)