System Hardening articles

Last change: 2025-01-10

The lynis command runs a security audit on Linux systems to test for vulnerable packages, security issues, and possible improvements for system hardening.

Last change: 2025-01-06

Harden Linux system services by restricting systemd units with the SecureBits setting, which enables special behavior related to Linux capabilities.

Last change: 2025-01-06

Harden Linux system services by restricting systemd units to remove any Inter-Process Communication (IPC) objects are a service is stopped.

Last change: 2025-01-06

Harden Linux system services by restricting systemd units to change the hostname or NIS domain name of the system with the unit setting ProtectHostname.

Last change: 2025-01-06

Harden system and user services by restricting systemd units to access data in home directories with the unit setting ProtectHome.

Last change: 2025-01-06

Learn about the most important changes that form the major 3.x release of the Lynis project, including security enhancements and new tests.

Last change: 2025-01-06

Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.

Last change: 2025-01-06

Demand for Linux security experts has risen over the last years. This article shows the relevant Linux security topics and required skills. Do you master them?

Last change: 2025-01-06

Step by step guide to secure any Ubuntu desktop or server. Harden your Ubuntu during installation and afterwards with the available security tips.

Last change: 2025-01-06

Feeling overwhelmed with the options available to secure your Linux system? With this guide, we walk step-by-step through the option, tools, and resources.

Last change: 2025-01-06

The pseudo-filesystem /proc contains a lot of useful information for the system administrator. With the hidepid option we can restrict what users can see.

Last change: 2025-01-06

System hardening is the process of improving security defenses of desktop and servers. It is usually time-consuming, so let's decide when enough is enough.

Last change: 2025-01-06

The Linux kernel can be secured with the help of kernel tunables called sysctl keys. Learn how system hardening principles can be applied using sysctl.

Last change: 2025-01-06

Extensive guide to help you secure your IPv6 configuration on Linux. From initial set-up to hardening the kernel with sysctl.

Last change: 2025-01-06

The tiger tool was known for a long time to help with auditing Unix-based systems. Fortunately there are new tools that are better maintained.

Last change: 2025-01-06

Your Linux systems should be protected against common security attacks. By using 4 common techniques, we can fortify our systems like a real fortress.

Last change: 2025-01-06

Securing a Linux system is called system hardening. Learn more about strategies to properly lock down Linux systems, from networking up to file integrity.

Last change: 2025-01-06

The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.

Last change: 2025-01-06

Information about the HashKnownHosts option in the SSH configuration file. Explains how to audit and tune this option to secure an Unix based system.

Last change: 2025-01-06

One of the myths is that Linux systems are secure by default. Learn what kind of measures you can implement and which security tools help with that.

Last change: 2025-01-06

Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.