Linux Security and Hardening
Version 2019
System Security
Kernel Security and Hardening
Physical Security
Password Policies and Security
Auto Logout
Disks and Partitions Security
Disk Encryption Guide
Disk Quota and Space Management
Anti-virus
Rootkit Detection Tools
Security Audit Tools
Host-based Intrusion Detection System
Log and Log Management
Network Security
NTP Service
Firewall
SSH Security
Bootloader Security
8. Bostandoust.IR
#4
Don’t Use Graphical Environment on Servers
Real sysadmins do not needs any graphical environments!
# yum group remove "X Window System"
# yum group remove "GNOME Desktop"
# yum group remove "Server with GUI"
20. Bostandoust.IR
#16
Auto Logout Inactive Users After a Period of Time
# vi /etc/profile.d/autologout.sh
TMOUT = 120
readonly TMOUT
export TMOUT
# chmod +x /etc/profile.d/autologout.sh
21. Bostandoust.IR
#17
Restrict “cron” / “at” Usage To Authorized Users
# rm -f /etc/cron.deny
# echo USER >> /etc/cron.allow
# rm -f /etc/at.deny
# echo USER >> /etc/at.allow
37. Bostandoust.IR
#33
Turn Off IPv6 only if you are NOT using it
# echo install ipv6 /bin/true >> /etc/modprobe.conf
GRUB_CMDLINE_LINUX=”ipv6.disable=1”
# echo net.ipv6.conf.all.disable_ipv6 = 1 >> /etc/sysctl.conf
38. Bostandoust.IR
#34
Secure Access to OpenSSH Server
# vi /etc/ssh/sshd_config
HostbasedAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
IgnoreRhosts yes
PermitRootLogin no
X11Forwarding no
AllowUsers USER1 USER2