Hardening Linux
Guides:
- This guide details the planning and the tools involved in creating secure Linux production systems
Kernel Hardening
A script for checking the hardening options in the Linux kernel config
Auditing
Auditing, system hardening, compliance testing
Distribution-specific hardening guides
CentOS/RHEL
Hardening CentOS 7
Debian
Systemd Hardening
Hardening Systemd
https://github.com/desbma/shh automatic
https://roguesecurity.dev/blog/systemd-hardening
Common systemd hardening options:
```ini
# Example systemd service hardening configuration
[Service]
# Filesystem protections
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
# Network restrictions
PrivateNetwork=true
IPAddressDeny=any
# Capability restrictions (empty values drop all capabilities)
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true
# User/group isolation
DynamicUser=true
# Kernel tunables and control group protections
ProtectKernelTunables=true
ProtectControlGroups=true
```
Sandboxing
CageFS
Chroot
Linux namespaces
Virtuozzo/OpenVZ
AppArmor/SELinux
Firejail
Landrun
Landrun - Lightweight application sandboxing using Linux containers