Hardening Guides and Tools for Red Hat Linux (RHEL)

Hardening Guides and Tools for Red Hat Linux (RHEL)

System hardening is an important part in securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we have a look at some of the options when securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others.

Red Hat

Red Hat itself has a hardening guide for RHEL 4 and is freely available. For their small brother Fedora they have also a hardening guide available, although this one is dated of a couple years back.

CIS

The Center for Internet Security has guides, which are called “Benchmarks”. These benchmarks are available for the most popular operating systems, including Red Hat. While not always up-to-date with the latest release version, they provide valuable tips on securing your system. Some hardening snippets are included to automate the system hardening.

The benchmarks for hardening Red Hat can be found at the Red Hat section.

NSA

Also the NSA has a document created to hardening Red Hat. Unfortunately it’s outdated (RHEL 5), but might still be used to apply additional hardening measures on top of other guides. The PDF can be freely download.

Tools

There aren’t many tools which help in auditing or hardening systems, which are also freely available and up-to-date. This is exactly the reason why we maintain Lynis and keep implementing new tests. Another big benefit of using a tool is automation. No hours of reading long pieces of text.

Some alternatives are Tiger and Bastille Linux, which look both unmaintained at the moment. CIS has also a tool of their own (CIS-CAT), which is released for companies having a membership with them.

Tips

If you want to do an extensive check of your systems and implement proper hardening, then we advice to read the mentioned guides. Apply those principles which apply and appropriate for your environment. We argue that it’s better to use tooling and system automation though. It will save a lot of time, which can be invested in the actual system hardening.

2015-01-30: Updated to later Fedora 18 guide (newer, but still outdated in version number)

Automate security audits with Lynis and Lynis Enterprise
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux (and Unix-based) systems more secure.

Daily security checks

Want to go to the next level of security scanning and system hardening? Start with automated security scans for Linux: Lynis and Lynis Enterprise.


Automate Scanning »