2018-06-23 (last updated at July 9th, 2018) Michael BoelenAuditing, Hardening, Linux 4 comments

How to secure a Linux system

Every Linux system will benefit from more security, especially if it contains sensitive data. With so many resources available on the internet, one might think that securing Linux has become easy. We know it is not. Linux system hardening takes a good amount of understanding about how the Linux kernel works. It also requires a good understanding of the operating system principles. In this guide, we will help you to get this understanding and provide you with tips and tools. The […]

2017-04-16 (last updated at July 6th, 2018) Michael BoelenEmail 8 comments

Postfix Hardening Guide for Security and Privacy

Postfix is a common software component on servers for receiving or sending email. It has a lot of configuration options available, including those to improve your Postfix security. This Postfix security and privacy guide will help with hardening your Postfix configuration. After you are finished, your system will have improved defenses against spam, abuse, and leaking sensitive data. Why Postfix hardening? Every service that is connected to the internet is sooner or later to be abused by automated scripts. For example, […]

2016-09-26 (last updated at July 18th, 2018) Michael BoelenHardening 6 comments

Ubuntu system hardening guide for desktops and servers

The system hardening process of a system is critical during and after installation. It helps the system to perform its duties properly. This blog post shows you several tips for Ubuntu system hardening. It will dive into the most critical steps to take first. Then more specific hardening steps can be added on top of these. As most security guides only tell you what to do, we will also go into more detail on why a specific security measure is […]

2016-09-22 (last updated at June 24th, 2018) Michael BoelenHardening, Linux, System Administration Leave a comment

Linux security guide: the extended version

Feeling overwhelmed with the resources available to secure your Linux system? With this Linux security guide, we walk step-by-step through the options, tools, and resources. After reading this article, you will be able to make educated decisions about what Linux security defenses to implement for your systems. You will be introduced to the right tools that help you automate and test your improvements. Instead, related articles and resources will be available in the text. The goal is to make this guide into […]

2016-09-19 (last updated at March 12th, 2017) Michael BoelenSoftware, System Administration 4 comments

Discover to which package a file belongs to

Related Packages and Files Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions. CentOS, Fedora, RHEL Show files for RPM packages rpm -qlp /path/to/file.rpm Show files for packages on […]

2016-08-30 (last updated at October 19th, 2020) Michael BoelenFile System 4 comments

Linux system hardening: adding hidepid to /proc mount point

When looking in /proc you will discover a lot of files and directories. Many of them are just numbers, which represent the information about a particular process ID (PID). By default, Linux systems are deployed to allow all local users to see this all information. This includes process information from other users. This could include sensitive details that you may not want to share with other users. By applying some file system configuration tweaks, we can change this behavior and improve the […]

2016-07-07 (last updated at July 6th, 2018) Michael BoelenKernel Leave a comment

Linux hardening with sysctl settings

The GNU/Linux kernel powers a lot of systems, from big mainframes to the Android device in your pocket. If you want to achieve more security on your Linux systems, it would make sense to start hardening there, right? While securing the kernel looks easy at first sight, there is more to it than initially meets the eye. We will have a look at some kernel options and how to select the best sysctl values for Linux systems. After reading this article […]

2016-01-11 (last updated at April 19th, 2023) Michael BoelenNetwork One comment

Linux Security Guide for Hardening IPv6

Linux Security Guide for Hardening IPv6 Version 6 of Internet Protocol is now 20+ years available. You would think it is widely available now, right? Not exactly. Still many internet providers don’t have it deployed for their customers. Hosting companies are not always eager to deploy it either. Mostly because of lacking knowledge. To get at east more knowledge shared on the security side of IPv6, we have crafted this guide. Hopefully it will be a practical guide for your […]

2015-10-06 Michael BoelenAuditing, Automation, Software 2 comments

Tiger is History, Long Live Modern Alternatives!

The History and Alternatives to the Tiger Security Tool Recently I saw some tweets showing up from an old friend: Tiger. Surprised to see it being promoted, as I know the tool for years, but never seen any new releases in the last years. Both are actually a shame. An outdated tool is usually of lower value. Promoting old tools might actually disappoint others and harm the initial trust in the software. History of Tiger In its day, the tool […]

2015-08-22 (last updated at February 26th, 2016) Michael BoelenHardening Leave a comment

Security Defenses to Fortify your Linux Systems

How to Fortify your Linux Systems Create a Linux security fortress; implementing security defenses using towers, bridges, and guards. Still many companies have difficulties implementing basic security measures. Even after years of websites being defaced, and customer records stolen, the same mistakes are made over and over again. While this all might sound like an unsolvable situation, information security is getting attention from more people. If you are responsible for the system management of Linux systems, ignoring security is no […]

2015-04-06 Michael BoelenHardening Leave a comment

Lock Down Strategies for Linux Servers

Locking Down Linux: Strategies Most of the security defenses on Linux, are based on the earlier performed hardening activities. By locking down components on the system, the chance of a full compromise is lowered. This step-by-step locking down is a time consuming process. Time to review some of the strategies which can be applied when you want to secure your systems. Strategy 1: Locking down processes The first area to lock down are system processes. After all, each system needs […]

2015-04-02 Michael BoelenAuditing, Automation, Compliance, Hardening 2 comments

Find the alternatives: CIS-CAT auditing tool

Alternatives to the CIS-CAT auditing tool The Center for Internet Security, CIS for short, is the organization behind several in-depth hardening guides. The quality of these hardening guides is outstanding, with a high level of detail. This high level of detail has one downside: it costs a lot of time to read, try and test the recommendations. Sometimes we simply don’t have the time to do an extensive audit by hand. Let alone the time to actually repeat the auditing […]

2015-03-19 Michael BoelenAuditing, Automation, Compliance Leave a comment

Security Integration: Configuration Management and Auditing

Configuration Management and Auditing Increased strength when combining tools for automation and security of IT environments Tools like Ansible, Chef, and Puppet are used a lot for rapid deployment and keeping systems properly configured. These tools in itself are great for ensuring consistency over your systems. So what is Configuration Management? Configuration management is the art of keeping systems properly configured. Usually companies start small, which equals manual configuration. Each time a new system is deployed, it is configured manually. […]

2015-01-26 Michael BoelenAutomation, Hardening One comment

Why Linux Security Hardening Scripts Might Backfire

Why Linux Security Hardening Scripts Might Backfire System administrators and engineers love to automate things. In the quest to get everything replaced by a script, automated hardening of systems is often requested. Unfortunately this automation might later backfire, resulting in a damaged trust in system hardening. Why System Hardening? The act of increasing system defenses is a good practice. It helps protecting your valuable data, so it can only be used by authorized people. System hardening itself consists of minimizing […]

2014-12-24 (last updated at June 22nd, 2018) Michael BoelenAuditing, Compliance, Hardening, SCAP Leave a comment

Using Open Source Auditing Tools as alternative to CIS Benchmarks

Using Open Source Auditing Tools An alternative to CIS Benchmarks and hardening guides Hardening guides, and the CIS benchmarks in particular, are a great resource to check your system for possible weaknesses and conduct system hardening. But who has the time to read it cover to cover, and apply every single step? In this article, we have a look at the alternative: open source auditing tools. Time.. Hardening is a time-consuming task. As security specialists, we know that. It involves […]

12 »