Home

Welcome to The Practical Linux Hardening Guide wiki!

You can file an issue about it and ask that it be added.

Security is the fine art of doing the right things, even if they in itself don't always look to be having a big impact. It's always a balance between ease of use and protection.

This guide use following OpenSCAP configurations:

U.S. Government Commercial Cloud Services (C2S) baseline inspired by CIS v2.1.1

C2S for Red Hat Enterprise Linux 7 v0.1.43.
Red Hat Enterprise Linux 7 Security Technical Implementation Guide (STIG)

The requirements are derived from the (NIST) 800-53 and related documents.

The Practical Linux Hardening Guide provides a high-level overview of the hardening GNU/Linux systems. It is not an official standard or handbook but it touches and use industry standards.

Basic information

`Core Layer`

`Kernel Layer`

`Extended Layer`

Entropy
Compilers
Devices

`Logging & Auditing`

Syslog
OSSEC
Tiger
Aide
Logwatch

`System Services`

NTP
Cron
GnuPG 2

`Other Services`

Bind9
Unbound
Postfix
Nginx
Apache
PostgreSQL
MySQL
Redis
AMQP

`Containers`

LXC/LXD
Docker

Provide feedback

Saved searches

Use saved searches to filter your results more quickly