Doublecheck the Security of Your Linux
-
Users often take Linux or other OS vendors at their word for being foolproof and not needing additional security levers. Sysadmins don’t have the luxury of thinking that way. Otherwise, certain shady characters will aim for this weak spot and compromise your IT infrastructure. Fortunately, several tips can substantially toughen up your Linux servers.Read the full article by Benoit Voirin, a Cyber Security consultant, about which commands and steps you should make to harden your Linux servers’ security right now.
-
Just a couple notes from the article:
-
You cannot set a bootloader password for AWS or other cloud services
-
Apt Armor is specific to Ubuntu / Debian. SELinux is used on RHEL / CentOS / Fedora
-
-
Also changing the SSH Port is not a guarantee that your SSH Port won't be exploited.
-
@dbeato said in Doublecheck the Security of Your Linux:
Also changing the SSH Port is not a guarantee that your SSH Port won't be exploited.
Just makes the logs easier to read, if you are reading them
-
@scottalanmiller Yup.
-
@dbeato said in Doublecheck the Security of Your Linux:
Also changing the SSH Port is not a guarantee that your SSH Port won't be exploited.
CIS is weird. They dont care about SSH, but want you to change your database ports. Considering Many apps are three tiered, its almost like having an enemy army breach your outer walls, take over your city, and instead of fleeing the castle you decide that hiding in it is a valid strategy.
-
@IRJ said in Doublecheck the Security of Your Linux:
Just a couple notes from the article:
-
You cannot set a bootloader password for AWS or other cloud services
-
Apt Armor is specific to Ubuntu / Debian. SELinux is used on RHEL / CentOS / Fedora
AppArmor is default on SUSE as well. And you can run SELinux on Debian / Ubuntu if you want.
BTW, AppArmor just replaced SELinux as default on Debian 10. So that was only a couple of months ago.
-