mirror of
https://github.com/trimstray/the-practical-linux-hardening-guide.git
synced 2025-12-06 17:22:51 +01:00
trimstray
90
README.md
90
README.md
@@ -46,39 +46,39 @@
|
|||||||
|
|
||||||
- **[Contributing](#contributing)**
|
- **[Contributing](#contributing)**
|
||||||
- **[Pre install tasks](#pre-install-tasks)**
|
- **[Pre install tasks](#pre-install-tasks)**
|
||||||
* **[Physical system security](#physical-system-security)**
|
* **[Physical system security](lib/pre_install_tasks/physical_system_security.md#physical-system-security)**
|
||||||
+ [Introduction](#information_source-introduction)
|
+ [Introduction](lib/pre_install_tasks/physical_system_security.md#information_source-introduction)
|
||||||
+ [Secure rooms](#eight_pointed_black_star-secure-rooms)
|
+ [Secure rooms](lib/pre_install_tasks/physical_system_security.md#eight_pointed_black_star-secure-rooms)
|
||||||
+ [Monitoring](#eight_pointed_black_star-monitoring)
|
+ [Monitoring](lib/pre_install_tasks/physical_system_security.md#eight_pointed_black_star-monitoring)
|
||||||
+ [Air conditioning](#eight_pointed_black_star-air-conditioning)
|
+ [Air conditioning](lib/pre_install_tasks/physical_system_security.md#eight_pointed_black_star-air-conditioning)
|
||||||
+ [Fire protection](#eight_pointed_black_star-fire-protection)
|
+ [Fire protection](lib/pre_install_tasks/physical_system_security.md#eight_pointed_black_star-fire-protection)
|
||||||
+ [Locked racks](#eight_pointed_black_star-locked-racks)
|
+ [Locked racks](lib/pre_install_tasks/physical_system_security.md#eight_pointed_black_star-locked-racks)
|
||||||
+ [Console security](#eight_pointed_black_star-console-security)
|
+ [Console security](lib/pre_install_tasks/physical_system_security.md#eight_pointed_black_star-console-security)
|
||||||
+ [BIOS protection](#eight_pointed_black_star-bios-protection)
|
+ [BIOS protection](lib/pre_install_tasks/physical_system_security.md#eight_pointed_black_star-bios-protection)
|
||||||
+ [Summary checklist](#ballot_box_with_check-summary-checklist)
|
+ [Summary checklist](lib/pre_install_tasks/physical_system_security.md#ballot_box_with_check-summary-checklist)
|
||||||
* **[Hard disk encryption](#hard-disk-encryption)**
|
* **[Hard disk encryption](lib/pre_install_tasks/hard_disk_encryption.md#hard-disk-encryption)**
|
||||||
+ [Introduction](#information_source-introduction-1)
|
+ [Introduction](lib/pre_install_tasks/hard_disk_encryption.md#information_source-introduction)
|
||||||
+ [Encrypt root filesystem](#eight_pointed_black_star-encrypt-root-filesystem)
|
+ [Encrypt root filesystem](lib/pre_install_tasks/hard_disk_encryption.md#eight_pointed_black_star-encrypt-root-filesystem)
|
||||||
+ [Encrypt /boot partition](#eight_pointed_black_star-encrypt-boot-partition)
|
+ [Encrypt /boot partition](lib/pre_install_tasks/hard_disk_encryption.md#eight_pointed_black_star-encrypt-boot-partition)
|
||||||
+ [Swap partition](#eight_pointed_black_star-swap-partition)
|
+ [Swap partition](lib/pre_install_tasks/hard_disk_encryption.md#eight_pointed_black_star-swap-partition)
|
||||||
+ [Summary checklist](#ballot_box_with_check-summary-checklist-1)
|
+ [Summary checklist](lib/pre_install_tasks/hard_disk_encryption.md#ballot_box_with_check-summary-checklist)
|
||||||
- **[Post install tasks](#post-install-tasks)**
|
- **[Post install tasks](#post-install-tasks)**
|
||||||
* **[Bootloader configuration (grub)](#bootloader-configuration-grub)**
|
* **[Bootloader configuration (grub)](lib/post_install_tasks/bootloader_configuration.md#bootloader-configuration-grub)**
|
||||||
+ [Introduction](#information_source-introduction-2)
|
+ [Introduction](lib/post_install_tasks/bootloader_configuration.md#information_source-introduction)
|
||||||
+ [Protect bootloader with password](#information_source-protect-bootloader-with-password)
|
+ [Protect bootloader with password](lib/post_install_tasks/bootloader_configuration.md#eight_pointed_black_star-protect-bootloader-with-password)
|
||||||
+ [Protect bootloader config files](#information_source-protect-bootloader-config-files)
|
+ [Protect bootloader config files](lib/post_install_tasks/bootloader_configuration.md#eight_pointed_black_star-protect-bootloader-config-files)
|
||||||
+ [Summary checklist](#ballot_box_with_check-summary-checklist-2)
|
+ [Summary checklist](lib/post_install_tasks/bootloader_configuration.md#ballot_box_with_check-summary-checklist)
|
||||||
* **[Disk partitions](#disk-partitions)**
|
* **[Disk partitions](lib/post_install_tasks/disk_partitions.md#disk-partitions)**
|
||||||
+ [Introduction](#information_source-introduction-3)
|
+ [Introduction](lib/post_install_tasks/disk_partitions.md#information_source-introduction)
|
||||||
+ [Separate disk partitions](#eight_pointed_black_star-separate-disk-partitions)
|
+ [Separate disk partitions](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-separate-disk-partitions)
|
||||||
+ [Mount options: nodev, noexec and nosuid](#eight_pointed_black_star-mount-options-nodev-noexec-and-nosuid)
|
+ [Mount options: nodev, noexec and nosuid](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-mount-options-nodev-nosuid-and-noexec)
|
||||||
+ [Secure /boot directory](#eight_pointed_black_star-secure-boot-directory)
|
+ [Secure /boot directory](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-secure-boot-directory)
|
||||||
+ [Secure /tmp and /var/tmp](#eight_pointed_black_star-secure-tmp-and-vartmp)
|
+ [Secure /tmp and /var/tmp](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-secure-tmp-and-vartmp)
|
||||||
+ [Secure /dev/shm](#eight_pointed_black_star-secure-devshm)
|
+ [Secure /dev/shm](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-secure-devshm)
|
||||||
+ [Secure /proc filesystem](#eight_pointed_black_star-secure-proc-filesystem)
|
+ [Secure /proc filesystem](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-secure-proc-filesystem)
|
||||||
+ [Swap partition](#eight_pointed_black_star-swap-partition-1)
|
+ [Swap partition](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-swap-partition)
|
||||||
+ [Disk quotas](#eight_pointed_black_star-disk-quotas)
|
+ [Disk quotas](lib/post_install_tasks/disk_partitions.md#eight_pointed_black_star-disk-quotas)
|
||||||
+ [Summary checklist](#ballot_box_with_check-summary-checklist-3)
|
+ [Summary checklist](lib/post_install_tasks/disk_partitions.md#ballot_box_with_check-summary-checklist)
|
||||||
* **[Keep system updated](#keep-system-updated)**
|
* **[Keep system updated](#keep-system-updated)**
|
||||||
* [Package management](#package-management)
|
* [Package management](#package-management)
|
||||||
+ [Automatic security updates](#automatic-security-updates)
|
+ [Automatic security updates](#automatic-security-updates)
|
||||||
@@ -129,9 +129,9 @@
|
|||||||
+ [Lynis](#lynis)
|
+ [Lynis](#lynis)
|
||||||
+ [Chrootkit](#chrootkit)
|
+ [Chrootkit](#chrootkit)
|
||||||
- **[Services](#services)**
|
- **[Services](#services)**
|
||||||
* [Disable all unnecessary services](#disable-all-unnecessary-services)
|
* **[Disable all unnecessary services](lib/services/disable_all_unnecessary_services.md#disable-all-unnecessary-services)**
|
||||||
+ [Common unix print system](#eight_pointed_black_star-common-unix-print-system)
|
+ [Common unix print system](lib/services/disable_all_unnecessary_services.md#eight_pointed_black_star-common-unix-print-system)
|
||||||
+ [Summary Checklits](#ballot_box_with_check-summary-checklist-4)
|
+ [Summary checklist](lib/services/disable_all_unnecessary_services.md#ballot_box_with_check-summary-checklist)
|
||||||
* [System services](#system-services)
|
* [System services](#system-services)
|
||||||
+ [OpenSSH](#openssh)
|
+ [OpenSSH](#openssh)
|
||||||
+ [NTP](#ntp)
|
+ [NTP](#ntp)
|
||||||
@@ -143,16 +143,16 @@
|
|||||||
+ [Bind9](#bind9)
|
+ [Bind9](#bind9)
|
||||||
* [Mail services](#mail-services)
|
* [Mail services](#mail-services)
|
||||||
+ [Postfix](#postfix)
|
+ [Postfix](#postfix)
|
||||||
* [Web services](#web-services)
|
* **[Web services](lib/services/web_services.md#web-services)**
|
||||||
+ [Nginx](#nginx)
|
+ [Nginx](lib/services/web_services.md#nginx)
|
||||||
- [Files and directories permissions](#files-and-directories-permissions)
|
- [Files and directories permissions](lib/services/web_services.md#eight_pointed_black_star-files-and-directories-permissions)
|
||||||
- [Use HTTPS](#use-https)
|
- [Use HTTPS](lib/services/web_services.md#eight_pointed_black_star-use-https)
|
||||||
- [Enable HTTP2](#enable-http2)
|
- [Enable HTTP2](lib/services/web_services.md#eight_pointed_black_star-enable-http2)
|
||||||
- [Diffie Hellman Ephemeral Parameter](#diffie-hellman-ephemeral-parameter)
|
- [Separate domains](lib/services/web_services.md#eight_pointed_black_star-separate-domains)
|
||||||
- [Separate domains](#separate-domains)
|
- [Redirect all unencrypted traffic to HTTPS](lib/services/web_services.md#eight_pointed_black_star-redirect-all-unencrypted-traffic-to-https)
|
||||||
- [Redirect all unencrypted traffic to HTTPS](#redirect-all-unencrypted-traffic-to-https)
|
- [Enable HTTP Strict Transport Security](lib/services/web_services.md#eight_pointed_black_star-enable-http-strict-transport-security)
|
||||||
- [Enable HTTP Strict Transport Security](#enable-http-strict-transport-security)
|
- [Diffie Hellman Ephemeral Parameter](lib/services/web_services.md#eight_pointed_black_star-diffie-hellman-ephemeral-parameter)
|
||||||
- [Security related headers](#security-related-headers)
|
- [Security related headers](lib/services/web_services.md#eight_pointed_black_star-security-related-headers)
|
||||||
+ [Apache](#apache)
|
+ [Apache](#apache)
|
||||||
* [Databases](#databases)
|
* [Databases](#databases)
|
||||||
+ [PostgreSQL](#postgresql)
|
+ [PostgreSQL](#postgresql)
|
||||||
|
|||||||
Reference in New Issue
Block a user