Link to this headingHardening Linux

Guides:

Link to this headingKernel Hardening

A script for checking the hardening options in the Linux kernel config

Link to this headingAuditing

Auditing, system hardening, compliance testing

Link to this headingDistribution-specific hardening guides

Link to this headingCentOS/RHEL

Hardening CentOS 7
Hardening CentOS 7

Link to this headingDebian

Securing Debian Manual

Basic Server Securing

IPtable Rules to prevent DDOS

SCUTUM configures your personal computer automatically against malicious TCP/UDP traffic and ARP spoofing attacks.

Desktop Linux Hardening

Link to this headingSystemd Hardening

Hardening Systemd
https://github.com/desbma/shh automatic
https://roguesecurity.dev/blog/systemd-hardening

Common systemd hardening options:

# Example systemd service hardening configuration [Service] # Filesystem protections ProtectSystem=strict ProtectHome=true PrivateTmp=true PrivateDevices=true # Network restrictions PrivateNetwork=true IPAddressDeny=any # Capability restrictions CapabilityBoundingSet= AmbientCapabilities= NoNewPrivileges=true # User/group isolation DynamicUser=true ProtectKernelTunables=true ProtectControlGroups=true

Link to this headingSandboxing

Link to this headingCageFS

Link to this headingChroot

Link to this headingLinux namespaces

Link to this headingVirtuozzo/OpenVZ

Link to this headingAppArmor/selinux

Link to this headingFirejail

Firejail GitHub Repository

Link to this headingLandrun

Landrun - Lightweight application sandboxing using Linux containers