Hardening Guides and Tools for Red Hat Linux (RHEL)

System hardening is an important part in securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we have a look at some of the options when securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others.

Red Hat

Red Hat itself has a hardening guide for RHEL 4External link and is freely available.

CIS

The Center for Internet Security has guides, which are called “Benchmarks”. These benchmarks are available for the most popular operating systems, including Red Hat. While not always up-to-date with the latest release version, they provide valuable tips on securing your system. Some hardening snippets are included to automate the system hardening.

NSA

Also the NSA has a document created to hardening Red Hat. Unfortunately it’s outdated (RHEL 5), but might still be used to apply additional hardening measures on top of other guides. The PDFExternal link can be freely download.

Tools

There aren’t many tools which help in auditing or hardening systems, which are also freely available and up-to-date. This is exactly the reason why we maintain LynisExternal link and keep implementing new tests. Another big benefit of using a tool is automation. No hours of reading long pieces of text.

Some alternatives are TigerExternal link and Bastille LinuxExternal link , which look both unmaintained at the moment. CIS has also a tool of their own CIS-CAT, but this is not open source and only available for companies having a membership with them.

Tips

If you want to do an extensive check of your systems and implement proper hardening, then we advice to read the mentioned guides. Apply those principles which apply and appropriate for your environment. We argue that it’s better to use tooling and system automation though. It will save a lot of time, which can be invested in the actual system hardening.

2015-01-30: Updated to later Fedora 18 guide (newer, but still outdated in version number)

Related articles

Like to learn more? Here is a list of articles within the same category or having similar tags.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon