Slide 1
Most trusted JOB oriented professional program
DevOps Certified Professional (DCP)

Take your first step into the world of DevOps with this course, which will help you to learn about the methodologies and tools used to develop, deploy, and operate high-quality software.

Slide 2
DevOps to DevSecOps – Learn the evolution
DevSecOps Certified Professional (DSOCP)

Learn to automate security into a fast-paced DevOps environment using various open-source tools and scripts.

Slide 2
Get certified in the new tech skill to rule the industry
Site Reliability Engineering (SRE) Certified Professional

A method of measuring and achieving reliability through engineering and operations work – developed by Google to manage services.

Slide 2
Master the art of DevOps
Master in DevOps Engineering (MDE)

Get enrolled for the most advanced and only course in the WORLD which can make you an expert and proficient Architect in DevOps, DevSecOps and Site Reliability Engineering (SRE) principles together.

Slide 2
Gain expertise and certified yourself
Azure DevOps Solutions Expert

Learn about the DevOps services available on Azure and how you can use them to make your workflow more efficient.

Slide 3
Learn and get certified
AWS Certified DevOps Professional

Learn about the DevOps services offered by AWS and how you can use them to make your workflow more efficient.

previous arrow
next arrow

Complete Referance of Hardening in Linux Security

Spread the Knowledge
  • System Hardening Overview
  • Batille
  • Securing X-Windows
  • Securing Linux Daemons
  • Security patches
  • Security Benchmarks

System Hardening Overview

  • Linux, like other operatingsystems, is not secure “out of the box”
  • Security increases as newer versions and distros come out
  • Users/administrators still need to take steps to “harden” systems
  • Items typically requiring securing/hardening include:
  • X-Windows
  • System daemons
  • Networking services


  • Scripts walk SA through several modules, automates changing a large number of configurable system items
  • Has modules for checking and configuring Internet services, suid(set-user-ID) files, account and boot security, and TCP wrappers
  • Bastille program is available from
  • Bastille currently supports most distros of Linux and Unix including:
  • Red Hat, SuSe, Debian, Gentoo, Mandrake, and HP-UX

Securing X-Windows

  • X-windows is Graphical Interface for Linux
  • Comes with most distributions,but is ot part of them
  • Used to access systems both locally and remotely
  • X is a Protocol and set of utilities
  • Client-server design
  • Runs from the X server, and provides keyboard, mouse and video
  • Not configured securely by default
  • Signals can get intercepted btween x-server and client(either remote or local)
  • Several ways of securing X
  • xhost – controls authentication to x erver on a host basis
  • X server maintains lists of allowed hosts
  • xhost allows hosts to be added/deleted from list
  • Vulnerabilities: Host spoofing, sessions are per host, not per user
  • xauth – controls authentication through .Xauthority
  • .Xauthority file contains authentication ‘cookie’ that client must send to server
  • Best security mechanism is using X windows over ssh
  • Authentication can be controlled and audited through user credentials
  • communications traffic between x client and X erver is encrypted

Securing Linux Daemons

  • Daemons are same as Windows services
  • Programs that run in background to accomplish system tasks
  • Often run with a set of credentials and privilege levels
  • Securing Linux Daemons is to not install unnecessary ones!.
  • Best way to secure daemons is to not install unnessary ones!
  • Don’t use “Install Everything” option during installation
  • Install services according to machine role
  • Use ‘ps’ and ‘netstat’ commands to determine what services are running and network connections established by them
  • Many Daemons turned on/off in /etc/inetd.conf – edit this file to selectively disable services that are not needed
  • Recompiling kernel is another way to secure services
  • Generate learner kernel with only daemons you need supported
  • Eliminates risk of daemons being reconfigured or restarted

Security Patches

  • Even after initial hardening, Linux can still be insecure
  • New vulnerabilities discovered every day
  • Security patches issued to counter threats and fix vulnerabilities
  • Most current distros have automated patch utility
  • Connects to trusted centralized site and downloads latest patches
  • Usually provides patches for OS and popular software apps included in distro
  • Third party apps frequently need patches from different vendors
  • Usually manual download and installation process
  • Download patches only from trusted sites
  • Verify hashes provided with patches to ensure file integrity
  • Many utilities to download and install security patches
  • Up2date, YUM, and YaST are a few
  • Get familiar with your distro’s update utilities

Security Benchmarks

  • Several free and commercial tools exist to test/measure security on Linux
  • Benchmarks available for almost all distros
  • Usually automated tool that checks security of daemons, processes, accounts,permissions , etc.
  • Nessus is free valnerability scanner provided with most distros
  • Uses frequently updated database of vulnerabilities
  • Can be used for single or multiple machines
  • Uses client/server architecture

Rajesh Kumar
Latest posts by Rajesh Kumar (see all)