The tool can use expanding lockout durations, so the first attempt creates a short lockout, but the next creates a one-day lockout. It takes the attacker forever to get through anything close to the available 65,536 ports. This renders the port scan ineffective as an attack tool in the short term, while making attacks easier for IT and security teams to identify, catch and respond to. We start by taking a look at Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware.
This checklist has been created based on our knowledge and additional research. A critical view on any of the suggestions is not just a good idea, but required. This way you gain the best possible understanding of the subject and make the right decision. After all, you have to decide what is best for your Linux systems when it comes to hardening them. So whatever you encounter on other websites or in this particular checklist, follow the saying Trust, but verify.
Intrusion Detection Systems (IDS) monitor network or system activities for malicious activities or policy violations. Tools like Snort or Suricata can be used for network-based IDS, while AIDE or Samhain can be used for host-based intrusion detection. Lynis is an open source security tool that can test these specific items. Nixarmor is a set of shell scripts to harden Linux systems and help with security automation.
Gil Cattelain is Principal Product Marketing Manager for Red Hat Enterprise Linux. Cattelain has more than 20 years’ experience as a leader in high-tech software product marketing with a proven track record of managing major product releases and go-to-market strategies. This checklist is created based on years of expertise in the field of Linux security. Before making changes to systems, special care should go into testing. This is even more important for changes made to systems that are in production. For those items that you don’t fully understand, follow up by doing more research first instead of just copy-pasting configuration snippets.
Enhancements in RHEL help you improve the security of your IT environment and maintain the trust of your most important stakeholders. Jay Beale has created several defensive security tools, including Bastille Linux/UNIX and the CIS Linux Scoring Tool, both of which were used widely throughout industry and government. He has led training classes on Linux Hardening and other topics at Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training. Jay is a co-founder, Chief Operating Officer and CTO of the information security consulting company InGuardians. In this webinar, we attack the Breach2 “Capture the Flag” (CTF) virtual machine (VM), created by @mrb3n. The Breach CTF virtual machines are all themed on the classic cult movie, Office Space.
In addition to Linux, Jason has experience supporting proprietary Unix operating systems including AIX, HP-UX, and Solaris. By the end of this course you will be able to tighten up the security on any Linux system. You’ll learn the security weaknesses of the Linux operating system and be given step-by-step instructions on how to protect those weaknesses. You’ll even learn some security concepts that apply to information security as a whole while focusing on the Linux specific issues that require special consideration.
Without applying the security hardening measure described, the probability is much higher that my attacker will have what they need to be successful in their cyber assault. In my Linux Attack and Defense webinar series, I demonstrate attacks on Linux systems, then show how proactive security hardening could block the attacks. The immense value of proactive hardening is that it can eliminate security vulnerabilities that you don’t even know are present. Jason has professional experience with CentOS, RedHat Enterprise Linux, SUSE Linux Enterprise Server, and Ubuntu. He has used several Linux distributions on personal projects including Debian, Slackware, CrunchBang, and others.
In the area of system operations or information security, the usage of any checklist requires a serious warning. Implementing the listed security measures only makes your system more secure if done correctly. There are no ’10 things’ that are the best, as it depends strongly on each system and its purpose. When you come across other checklists with a number in the title, then most likely it’s not a real checklist.