this post was submitted on 05 Nov 2023
20 points (100.0% liked)

cybersecurity

3262 readers
12 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

I'm working on a guide focused on securing Linux servers and I'd like to ask you what your essential hardening techniques and tips are? Your feedback would be greatly appreciated

you are viewing a single comment's thread
view the rest of the comments
[–] boblin@infosec.pub 5 points 1 year ago

The CIS benchmarks for Linux are a good start. There are some off the shelf tools that let you run those, notably linux-bench. Another tool in a similar fashion is lynis. You can also use eBPF tools like callander to examine your workload behaviour and help tighten your seccomp policies.

Once you've established a baseline for your system, you'll next want to harden your environment. This means network scans, OWASP, etc. As far as off the shelf tools go, OpenVAS is quite popular even in Enterprise environments.

Finally there's the continuous security tasks. Continuous package updates, runtime security, log analysis, etc. There are some free tools that cover part of this like Security Onion, but if the price is right a SaaS tool can save you a lot of time.