Hardening
Improve the security of your Linux systems using the principes of system hardening. Learn the steps to take and how to audit for an effective defense.
How to secure a Linux system
Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.
Ubuntu system hardening guide for desktops and servers
Step by step guide to secure any Ubuntu desktop or server. Harden your Ubuntu during installation and afterwards with the available security tips.
Linux security guide: the extended version
Feeling overwhelmed with the options available to secure your Linux system? With this guide, we walk step-by-step through the option, tools, and resources.
How much system hardening should you do?
System hardening is the process of improving security defenses of desktop and servers. It is usually time-consuming, so let's decide when enough is enough.
Security Defenses to Fortify your Linux Systems
Your Linux systems should be protected against common security attacks. By using 4 common techniques, we can fortify our systems like a real fortress.
Forget Linux Vulnerability Scanning: Get Better Defenses
Vulnerability scanning focuses on weaknesses, or negative aspects of information security. A new look at an existing issue.
Increase kernel integrity with disabled Linux kernel modules loading
The Linux kernel can be configured to disallow loading new kernel modules. Learn how this may help and how to configure this behavior in the sysctl settings.
Lock Down Strategies for Linux Servers
Securing a Linux system is called system hardening. Learn more about strategies to properly lock down Linux systems, from networking up to file integrity.
Find the alternatives: CIS-CAT auditing tool
Sometimes time or money is limited. We hunt to find great alternatives to commercial solutions. This time alternatives for the CIS auditing tool CIS-CAT.
5 Basic Principles of Linux System Security
With five basic security principles we can improve system security of almost any Linux system. Start here your journey to learn them.
Why Linux security hardening scripts might backfire
We talk about the risks when using Linux security hardening scripts in this article. Hardening Linux with scripts might look like a nice idea, but is it?
Using Open Source Auditing Tools as alternative to CIS Benchmarks
Hardening guides, and the CIS benchmarks in particular, are a great resource to harden your system. But there are alternatives.
Disable SSLv3 in Lighttpd to protect against POODLE attack
Protecting against the POODLE attack with Lighttpd is easy by changing its configuration. Disable SSLv2 and SSLv3 to limit the attacks on the SSL protocol.
Finding setuid binaries on Linux and BSD
To perform a basic audit of the binaries on your system, we can search for setuid binaries. Finding these setuid binaries is easy with the find command.
Linux capabilities 101
Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.
Protect against ptrace of processes: kernel.yama.ptrace_scope
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
Filtering ARP traffic with Linux arptables
Filtering ARP traffic is easy with the arptables utility. In this article we look at the possibilities of arptables and provides example of using it.
Linux Capabilities: Hardening Linux binaries by removing setuid
Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.
Securing mount points on Linux
Since data is stored on file systems, appropriate measures should be taken to protect it. Learn how to secure mount points on Linux.
Alternatives to Bastille Linux: system hardening with Lynis
Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.
Protect against the BEAST attack in Nginx
The BEAST attack showed up in 2011 and some servers are still vulnerable to it. With the right protocols, ciphers and preference, we can keep the BEAST out.
Configure HSTS (HTTP Strict Transport Security) for Apache and Nginx
HTTP Strict Transport Security (HSTS) is a security capability to force clients to use HTTPS. In this article, we implement HSTS for Apache and Nginx.
Do NOT use Linux hardening checklists for your servers
The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.
Hardening Guides and Tools for Red Hat Linux (RHEL)
Overview of tools and hardening guides to implement system hardening for Red Hat Linux. Also applies Fedora, CentOS and Scientific Linux systems.
Linux server hardening and best practices
One of the myths is that Linux systems are secure by default. Learn what kind of measures you can implement and which security tools help with that.
Linux server security: Three steps to secure each system
Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.
Linux kernel security and how to improve it
Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.
FreeBSD hardening with Lynis
This article provides tips for FreeBSD hardening by using a powerful tool named Lynis. This script will perform an extensive audit to secure your systems.
How to use Lynis
Article about how to use Lynis, a security auditing and hardening tool to test Unix and Linux based systems for vulnerabilities.
Lynis hardening index
Lynis uses a hardening index which is displayed at the end of the scan. What does it mean and how does it help? This article explains the rationale behind it.