Hardening

How to secure a Linux system

Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.

Ubuntu system hardening guide for desktops and servers

Step by step guide to secure any Ubuntu desktop or server. Harden your Ubuntu during installation and afterwards with the available security tips.

Linux security guide: the extended version

Feeling overwhelmed with the options available to secure your Linux system? With this guide, we walk step-by-step through the option, tools, and resources.

How much system hardening should you do?

System hardening is the process of improving security defenses of desktop and servers. It is usually time-consuming, so let's decide when enough is enough.

Security Defenses to Fortify your Linux Systems

Your Linux systems should be protected against common security attacks. By using 4 common techniques, we can fortify our systems like a real fortress.

Forget Linux Vulnerability Scanning: Get Better Defenses

Vulnerability scanning focuses on weaknesses, or negative aspects of information security. A new look at an existing issue.

Increase kernel integrity with disabled Linux kernel modules loading

The Linux kernel can be configured to disallow loading new kernel modules. Learn how to configure this.

Lock Down Strategies for Linux Servers

Strategies to properly lock down Linux systems, from networking up to file integrity.

Find the alternatives: CIS-CAT auditing tool

Sometimes time or money is limited. We hunt to find great alternatives to commercial solutions. This time alternatives for the CIS auditing tool CIS-CAT.

5 Basic Principles of Linux System Security

With 5 basic security principles we can improve system security of almost any Linux system.

Why Linux security hardening scripts might backfire

We talk about the risks when using Linux security hardening scripts in this article. Hardening Linux with scripts might look like a nice idea, but is it?

Using Open Source Auditing Tools as alternative to CIS Benchmarks

Hardening guides, and the CIS benchmarks in particular, are a great resource to harden your system. But there are alternatives.

Disable SSLv3 in Lighttpd to protect against POODLE attack

Protecting against the POODLE attack with Lighttpd is easy by changing its configuration. Disable SSLv2 and SSLv3 to limit the attacks on the SSL protocol.

Finding setuid binaries on Linux and BSD

To perform a basic audit of the binaries on your system, we can search for setuid binaries. Finding these setuid binaries is easy with the find command.

Linux capabilities 101

Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.

Protect against ptrace of processes: kernel.yama.ptrace_scope

Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.

Filtering ARP traffic with Linux arptables

Filtering ARP traffic is easy with the arptables utility. In this article we look at the possibilities of arptables and provides example of using it.

Linux Capabilities: Hardening Linux binaries by removing setuid

Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.

Securing mount points on Linux

Since data is stored on file systems, appropriate measures should be taken to protect it. Learn how to secure mount points on Linux.

Alternatives to Bastille Linux: system hardening with Lynis

Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.

Protect against the BEAST attack in Nginx

The BEAST attack showed up in 2011 and some servers are still vulnerable to it. With the right protocols, ciphers and preference, we can keep the BEAST out.

Configure HSTS (HTTP Strict Transport Security) for Apache and Nginx

HTTP Strict Transport Security (HSTS) is a security capability to force clients to use HTTPS. In this article, we implement HSTS for Apache and Nginx.

Do NOT use Linux hardening checklists for your servers

The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.

Hardening Guides and Tools for Red Hat Linux (RHEL)

Overview of tools and hardening guides to implement system hardening for Red Hat Linux. Also applies Fedora, CentOS and Scientific Linux systems.

Linux server hardening and best practices

One of the myths is that Linux systems are secure by default. Learn what kind of measures you can implement and which security tools help with that.

Linux server security: Three steps to secure each system

Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.

Linux kernel security and how to improve it

Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.

FreeBSD hardening with Lynis

This article provides tips for FreeBSD hardening by using a powerful tool named Lynis. This script will perform an extensive audit to secure your systems.

How to use Lynis

Article about how to use Lynis, a security auditing and hardening tool to test Unix and Linux based systems for vulnerabilities.

Lynis Hardening Index

What is the Lynis hardening index and how does it help? This article explains the rationale behind the hardening index.