Przejdลบ do treล›ci

๐Ÿ›ก๏ธ Linux Hardening (Advanced)

Security best practices for production-grade Linux servers.

๐Ÿ” SSH Hardening

1
2
3
4
5
6
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Restart:

1
sudo systemctl restart sshd

๐Ÿงฑ Kernel Hardening (sysctl)

Edit:

1
/etc/sysctl.conf

Recommended:

1
2
3
4
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.kptr_restrict = 2
kernel.dmesg_restrict = 1

Apply:

1
sudo sysctl -p

๐Ÿ”ฅ Firewall Strategy

  • Deny all incoming
  • Allow only required ports
  • Use UFW or iptables
  • Monitor logs

๐Ÿงฉ Fail2ban

1
2
sudo apt install fail2ban
sudo systemctl enable fail2ban

๐Ÿšจ File Integrity Monitoring

Tools:

  • AIDE
  • Tripwire
  • Auditd

๐Ÿ›ก๏ธ Additional Hardening

  • Disable unused services
  • Remove unnecessary packages
  • Enforce strong passwords
  • Use 2FA for SSH (optional)