Hardening Guides and Tools for Red Hat Linux (RHEL)

Hardening Guides and Tools for Red Hat Linux (RHEL)

System hardening is an important part in securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we have a look at some of the options when securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others.

Red Hat

Red Hat itself has a hardening guide for RHEL 4 and is freely available. For their small brother Fedora they have also a hardening guide available, although this one is dated of a couple years back.


The Center for Internet Security has guides, which are called “Benchmarks”. These benchmarks are available for the most popular operating systems, including Red Hat. While not always up-to-date with the latest release version, they provide valuable tips on securing your system. Some hardening snippets are included to automate the system hardening.

The benchmarks for hardening Red Hat can be found at the Red Hat section.


Also the NSA has a document created to hardening Red Hat. Unfortunately it’s outdated (RHEL 5), but might still be used to apply additional hardening measures on top of other guides. The PDF can be freely download.


There aren’t many tools which help in auditing or hardening systems, which are also freely available and up-to-date. This is exactly the reason why we maintain Lynis and keep implementing new tests. Another big benefit of using a tool is automation. No hours of reading long pieces of text.

Some alternatives are Tiger and Bastille Linux, which look both unmaintained at the moment. CIS has also a tool of their own (CIS-CAT), which is released for companies having a membership with them.


If you want to do an extensive check of your systems and implement proper hardening, then we advice to read the mentioned guides. Apply those principles which apply and appropriate for your environment. We argue that it’s better to use tooling and system automation though. It will save a lot of time, which can be invested in the actual system hardening.

2015-01-30: Updated to later Fedora 18 guide (newer, but still outdated in version number)

One more thing...

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

See training package

Lynis Enterprise screenshot to help with system hardeningSecurity scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.