The Practical Linux Hardening Guide

"Did you know all your doors were locked?" - Riddick (The Chronicles of Riddick)

_{Created by trimstray and contributors}

💥 Work in progress, just a moment... First, I update a Table Of Content.

---

Table Of Content

• Checklist - document the host information
• Pre install tasks
  • Physical system security
    • BIOS protection
  • Partitioning scheme
  • Hard disk encryption
  • Bootloader configuration
• Post install tasks
  • Keep system updated
  • Package management
    • Remove packages with known issues
  • Netfilter ruleset
  • TCP wrapper
  • Users and groups
    • Limit su access
    • Disable root account
    • Logins to system console
    • Disable shell accounts
    • Strong password policy
    • Password aging
    • Previous passwords
    • Login failures
  • System path permissions
    • World writable files
  • Disk partitions
    • Secure /tmp and /var/tmp
    • Disk quotas
  • PAM module
  • Limits
  • Shadow passwords
  • Linux kernel hardening
  • Kernel parameters
    • Improve network security
    • Improve system security
  • Remove unused modules
  • Secure shared memory
  • IRQ balance
  • Disable compilers
  • Email notifications
  • Backups
• Tools
  • Logging and Auditing
    • Auditd
    • Tiger
    • Aide
    • Logwatch
  • Other
    • Fail2ban
    • PSAD
    • SELinux
    • Centralized authentication service
  • Testing tools
    • Lynis
    • Chrootkit
• Hardening Services
  • Disable all unnecessary
  • System services
    • OpenSSH
    • NTP
    • Cron
    • Anacron
  • DNS services
    • Bind9
  • Mail services
    • Postfix
  • Web services
    • Nginx
    • Apache
• Testing configuration
• External resources