CSEC_PUBLIC/the-practical-linux-hardening-guide
1
0
Fork 0
mirror of https://github.com/trimstray/the-practical-linux-hardening-guide.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

minor updates; fixed typos

Browse Source 
- signed-off-by: trimstray <trimstray@gmail.com>
This commit is contained in:
trimstray
2019-02-23 20:19:29 +01:00
parent 37dbbba3fe
commit 9d6f237b9b
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -82,6 +82,8 @@ A few simple rules for this project:
- some hardening rules/descriptions can be done better - some hardening rules/descriptions can be done better
- you can think of it also as a checklist - you can think of it also as a checklist
Please also remember:
> This guide also contains my comments that may be differ from certain industry principles. If you are not sure what to do please see **[Policy Compliance](#policy-compliance)** chapter. > This guide also contains my comments that may be differ from certain industry principles. If you are not sure what to do please see **[Policy Compliance](#policy-compliance)** chapter.
### The importance of Linux hardening ### The importance of Linux hardening
@@ -102,7 +104,7 @@ We have a lot of great GNU/Linux hardening policies to provide safer operating s
Configuring your systems in compliance eliminate the most common security fails/bugs. For example, CIS has been shown to eliminate 80-95% of known security vulnerabilities. Configuring your systems in compliance eliminate the most common security fails/bugs. For example, CIS has been shown to eliminate 80-95% of known security vulnerabilities.
On the other hand these standards are complicated (for newbies difficult to implement) check-list. In my opinion ideally, real world implementation is automated via something like OpenSCAP. On the other hand these standards are complicated (for newbies difficult to implement) check-lists. In my opinion ideally, real world implementation is automated via something like OpenSCAP.
> You should use a rational approach because more is not better. Each environment is different so security rules should all work in theory, but sometimes it not works as well. > You should use a rational approach because more is not better. Each environment is different so security rules should all work in theory, but sometimes it not works as well.