CSEC_PUBLIC/the-practical-linux-hardening-guide
1
0
Fork 0
mirror of https://github.com/trimstray/the-practical-linux-hardening-guide.git synced 2025-12-06 17:22:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed typos; updated TOC

Browse Source 
- signed-off-by: trimstray <trimstray@gmail.com>
This commit is contained in:
trimstray
2019-02-19 19:39:44 +01:00
parent 163e7a4d8a
commit e857a47e2b
1 changed files with 34 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
README.md
View File

@@ -90,12 +90,13 @@
+ [Disk quotas](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-disk-quotas) + [Disk quotas](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-disk-quotas)
+ [Summary checklist](lib/post_install_tasks/disk_partitions.md#ballot_box_with_check-summary-checklist) + [Summary checklist](lib/post_install_tasks/disk_partitions.md#ballot_box_with_check-summary-checklist)
* **[Keep system updated](#keep-system-updated)** * **[Keep system updated](#keep-system-updated)**
* [Package management](#package-management) * **[Package management](#package-management)**
+ [Automatic security updates](#automatic-security-updates) + [Automatic security updates](#automatic-security-updates)
+ [Remove packages with known issues](#remove-packages-with-known-issues) + [Remove packages with known issues](#remove-packages-with-known-issues)
* [Netfilter ruleset](#netfilter-ruleset) * **[Netfilter ruleset](#netfilter-ruleset)**
* [TCP wrapper](#tcp-wrapper) + [Shorewall](#shorewall)
* [Users and groups](#users-and-groups) * **[TCP wrapper](#tcp-wrapper)**
* **[Users and groups](#users-and-groups)**
+ [Limit su access](#limit-su-access) + [Limit su access](#limit-su-access)
+ [Disable root account](#disable-root-account) + [Disable root account](#disable-root-account)
+ [Logins to system console](#logins-to-system-console) + [Logins to system console](#logins-to-system-console)
@@ -105,53 +106,58 @@
+ [Previous passwords](#previous-passwords) + [Previous passwords](#previous-passwords)
+ [Login failures](#login-failures) + [Login failures](#login-failures)
+ [Protect single user mode](#protect-single-user-mode) + [Protect single user mode](#protect-single-user-mode)
* [System path permissions](#system-path-permissions) * **[System path permissions](#system-path-permissions)**
+ [World writable files](#world-writable-files) + [World writable files](#world-writable-files)
* [PAM module](#pam-module) * **[PAM module](#pam-module)**
* [Limits](#limits) * **[Limits](#limits)**
* [Shadow passwords](#shadow-passwords) * **[Shadow passwords](#shadow-passwords)**
* [Linux kernel hardening](#linux-kernel-hardening) * **[Linux kernel hardening](#linux-kernel-hardening)**
+ [Kernel parameters](#kernel-parameters) + [Kernel parameters](#kernel-parameters)
+ [Network security](#improve-network-security) + [Network security](#improve-network-security)
+ [System security](#improve-system-security) + [System security](#improve-system-security)
* [Remove unused modules](#remove-unused-modules) * **[Remove unused modules](#remove-unused-modules)**
* [Secure shared memory](#secure-shared-memory) * **[Secure shared memory](#secure-shared-memory)**
* [IRQ balance](#irq-balance) * **[IRQ balance](#irq-balance)**
* [Disable compilers](#disable-compilers) * **[Disable compilers](#disable-compilers)**
* [Email notifications](#email-notifications) * **[Email notifications](#email-notifications)**
+ [Rebooting the system](#rebooting-the-system) + [Rebooting the system](#rebooting-the-system)
* [Backups](#backups) + [Login the system](#login-the-system)
* [External devices](#external-devices) * **[Backups](#backups)**
+ [Backup policy](#backup-policy)
* **[External devices](#external-devices)**
+ [Disable USB usage](#disable-usb-usage) + [Disable USB usage](#disable-usb-usage)
- **[Tools](#tools)** - **[Tools](#tools)**
* [Logging and Auditing](#logging-and-auditing) * **[Logging and Auditing](#logging-and-auditing)**
+ [Auditd](#auditd) + [Auditd](#auditd)
+ [OSSEC](#ossec)
+ [Tiger](#tiger) + [Tiger](#tiger)
+ [Aide](#aide) + [Aide](#aide)
+ [Logwatch](#logwatch) + [Logwatch](#logwatch)
* [Other](#other) * **[SELinux](#selinux)
* **[Other](#other)**
+ [Fail2ban](#fail2ban) + [Fail2ban](#fail2ban)
+ [PSAD](#psad) + [PSAD](#psad)
+ [SELinux](#selinux)
+ [Entropy daemon](#entropy-daemon) + [Entropy daemon](#entropy-daemon)
+ [Centralized authentication service](#centralized-authentication-service) + [Centralized authentication service](#centralized-authentication-service)
* [Testing tools](#testing-tools) * **[Testing tools](#testing-tools)**
+ [Lynis](#lynis) + [Lynis](#lynis)
+ [Chrootkit](#chrootkit) + [Chrootkit](#chrootkit)
- **[Services](#services)** - **[Services](#services)**
* **[Disable all unnecessary services](lib/services/disable_all_unnecessary_services.md#disable-all-unnecessary-services)** * **[Disable all unnecessary services](lib/services/disable_all_unnecessary_services.md#disable-all-unnecessary-services)**
+ [Common unix print system](lib/services/disable_all_unnecessary_services.md#eight_pointed_black_star-common-unix-print-system) + [Common unix print system](lib/services/disable_all_unnecessary_services.md#eight_pointed_black_star-common-unix-print-system)
+ [Summary checklist](lib/services/disable_all_unnecessary_services.md#ballot_box_with_check-summary-checklist) + [Summary checklist](lib/services/disable_all_unnecessary_services.md#ballot_box_with_check-summary-checklist)
* [System services](#system-services) * **[System services](#system-services)**
+ [OpenSSH](#openssh) + [OpenSSH](#openssh)
+ [NTP](#ntp) + [NTP](#ntp)
+ [Cron](#cron) + [Cron](#cron)
+ [Anacron](#anacron) + [Anacron](#anacron)
+ [GnuPG 2](#gnupg2) + [GnuPG 2](#gnupg2)
+ [Unattended key generation](#unattended-key-generation) + [Unattended key generation](#unattended-key-generation)
* [DNS services](#dns-services) * **[DNS services](#dns-services)**
+ [Bind9](#bind9) + [Bind9](#bind9)
* [Mail services](#mail-services) + [Unbound](#unbound)
+ [Knot Resolver](#knot-resolver)
* **[Mail services](#mail-services)**
+ [Postfix](#postfix) + [Postfix](#postfix)
* **[Web services](lib/services/web_services.md#web-services)** * **[Web services](lib/services/web_services.md#web-services)**
+ [Nginx](lib/services/web_services.md#nginx) + [Nginx](lib/services/web_services.md#nginx)
@@ -164,19 +170,18 @@
- [Diffie Hellman Ephemeral Parameter](lib/services/web_services.md#eight_pointed_black_star-diffie-hellman-ephemeral-parameter) - [Diffie Hellman Ephemeral Parameter](lib/services/web_services.md#eight_pointed_black_star-diffie-hellman-ephemeral-parameter)
- [Security related headers](lib/services/web_services.md#eight_pointed_black_star-security-related-headers) - [Security related headers](lib/services/web_services.md#eight_pointed_black_star-security-related-headers)
+ [Apache](#apache) + [Apache](#apache)
* [Databases](#databases) * **[Databases](#databases)**
+ [PostgreSQL](#postgresql) + [PostgreSQL](#postgresql)
+ [MySQL](#mysql) + [MySQL](#mysql)
+ [Redis](#redis) + [Redis](#redis)
* [Queues](#queues) * **[Queues](#queues)**
+ [AMQP](#amqp) + [AMQP](#amqp)
- **[Containers](#containers)** - **[Containers](#containers)**
* [LXC/LXD](#lxc-lxd) * **[LXC/LXD](#lxc-lxd)**
* [Docker](#docker) * **[Docker](#docker)**
* [Hashicorp suite](#hashicorp-suite) * **[Hashicorp suite](#hashicorp-suite)**
- **[Deployment](#deployment)** - **[Deployment](#deployment)**
- **[Testing configuration](#testing-configuration)** - **[Testing configuration](#testing-configuration)**
- **[External resources](#external-resources)**
## Introduction ## Introduction