Hardening Guides and Tools for Red Hat Linux (RHEL)

System hardening is an important part of securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we have a look at some of the options for securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others.

Red Hat

Red Hat itself has a hardening guide for RHEL 4, which is freely available.


The Center for Internet Security has guides, which are called “Benchmarks”. These benchmarks are available for the most popular operating systems, including Red Hat. While not always up-to-date with the latest release version, they provide valuable tips on securing your system. Some hardening snippets are included to automate the system hardening.


The NSA has also created a document for hardening Red Hat. Unfortunately it’s outdated (RHEL 5), but it might still be used to apply additional hardening measures on top of other guides. The PDF can be freely downloaded.


There aren’t many tools for auditing or hardening systems that are both freely available and up-to-date. This is exactly the reason why we maintain Lynis and keep implementing new tests. Another big benefit of using a tool is automation: no hours spent reading long pieces of text.

Some alternatives are Tiger and Bastille Linux, which both look unmaintained at the moment. CIS also has a tool of its own, CIS-CAT, but this is not open source and is only available to companies that have a membership with them.


If you want to do an extensive check of your systems and implement proper hardening, then we advise reading the mentioned guides. Apply those principles that are relevant and appropriate for your environment. We argue that it’s better to use tooling and system automation though. It will save a lot of time, which can be invested in the actual system hardening.

2015-01-30: Updated to later Fedora 18 guide (newer, but still outdated in version number)



This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
