====== Hardening Linux systems ======

My notes on Linux hardening. Right now I'm just gathering reference material to help build my own guide. Do not consider these links to be endorsements of any particular security model or configuration.

===== Firewall =====

  * By default only ICMP and SSH should be allowed

===== Accounts =====

  * No root password

===== SSH =====

  * https://linux-audit.com/audit-and-harden-your-ssh-configuration/
  * disable root logins
  * set login group
  * default port
  * firewall limits by IP

===== Patching =====

  * Patch cycle
  * Verification of CVEs, etc.

===== SELinux =====

  * https://en.wikipedia.org/wiki/Security-Enhanced_Linux
  * https://opensource.com/article/18/7/sysadmin-guide-selinux