Linux Security Hardening

From NovaOrdis Knowledge Base
Revision as of 04:28, 22 April 2018 by Ovidiu (talk | contribs) (→‎sshd)
Jump to navigation Jump to search

Internal

Overview

Steps

Minimal Footprint

Install a minimal image and add utilities as needed.

Eliminate Users

Remove all unneeded users.

root

Change the root's password to a long, random one.

Scan for Services Listening on Ports

 netstat -tupln

Eliminate:

sshd

  • Create a special login user with a random name and a long, random password:
groupadd -g 1200 m3rt50acc
useradd -g 1200 -m -u 1200 m3rt50acc

Possibly add public key to authorized_keys.

TODO

  • Penetration detection.