Find the Best Cosmetic Hospitals

Explore trusted cosmetic hospitals and make a confident choice for your transformation.

“Invest in yourself — your confidence is always worth it.”

Explore Cosmetic Hospitals

Start your journey today — compare options in one place.

Home Linux Complete Referance of Hardening in Linux Security

Complete Referance of Hardening in Linux Security

Linux · September 18, 2021 · Comments off
  • System Hardening Overview
  • Batille
  • Securing X-Windows
  • Securing Linux Daemons
  • Security patches
  • Security Benchmarks

System Hardening Overview

  • Linux, like other operatingsystems, is not secure “out of the box”
  • Security increases as newer versions and distros come out
  • Users/administrators still need to take steps to “harden” systems
  • Items typically requiring securing/hardening include:
  • X-Windows
  • System daemons
  • Networking services

Bastille

  • Scripts walk SA through several modules, automates changing a large number of configurable system items
  • Has modules for checking and configuring Internet services, suid(set-user-ID) files, account and boot security, and TCP wrappers
  • Bastille program is available from http://bastille-linux.sourceforge.net/
  • Bastille currently supports most distros of Linux and Unix including:
  • Red Hat, SuSe, Debian, Gentoo, Mandrake, and HP-UX

Securing X-Windows

  • X-windows is Graphical Interface for Linux
  • Comes with most distributions,but is ot part of them
  • Used to access systems both locally and remotely
  • X is a Protocol and set of utilities
  • Client-server design
  • Runs from the X server, and provides keyboard, mouse and video
  • Not configured securely by default
  • Signals can get intercepted btween x-server and client(either remote or local)
  • Several ways of securing X
  • xhost – controls authentication to x erver on a host basis
  • X server maintains lists of allowed hosts
  • xhost allows hosts to be added/deleted from list
  • Vulnerabilities: Host spoofing, sessions are per host, not per user
  • xauth – controls authentication through .Xauthority
  • .Xauthority file contains authentication ‘cookie’ that client must send to server
  • Best security mechanism is using X windows over ssh
  • Authentication can be controlled and audited through user credentials
  • communications traffic between x client and X erver is encrypted

Securing Linux Daemons

  • Daemons are same as Windows services
  • Programs that run in background to accomplish system tasks
  • Often run with a set of credentials and privilege levels
  • Securing Linux Daemons is to not install unnecessary ones!.
  • Best way to secure daemons is to not install unnessary ones!
  • Don’t use “Install Everything” option during installation
  • Install services according to machine role
  • Use ‘ps’ and ‘netstat’ commands to determine what services are running and network connections established by them
  • Many Daemons turned on/off in /etc/inetd.conf – edit this file to selectively disable services that are not needed
  • Recompiling kernel is another way to secure services
  • Generate learner kernel with only daemons you need supported
  • Eliminates risk of daemons being reconfigured or restarted

Security Patches

  • Even after initial hardening, Linux can still be insecure
  • New vulnerabilities discovered every day
  • Security patches issued to counter threats and fix vulnerabilities
  • Most current distros have automated patch utility
  • Connects to trusted centralized site and downloads latest patches
  • Usually provides patches for OS and popular software apps included in distro
  • Third party apps frequently need patches from different vendors
  • Usually manual download and installation process
  • Download patches only from trusted sites
  • Verify hashes provided with patches to ensure file integrity
  • Many utilities to download and install security patches
  • Up2date, YUM, and YaST are a few
  • Get familiar with your distro’s update utilities

Security Benchmarks

  • Several free and commercial tools exist to test/measure security on Linux
  • Benchmarks available for almost all distros
  • Usually automated tool that checks security of daemons, processes, accounts,permissions , etc.
  • Nessus is free valnerability scanner provided with most distros
  • Uses frequently updated database of vulnerabilities
  • Can be used for single or multiple machines
  • Uses client/server architecture

Find Trusted Cardiac Hospitals

Compare heart hospitals by city and services — all in one place.

Explore Hospitals
Rajesh Kumar
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at <a href="https://www.cotocus.com/">Cotocus</a>. I share tech blog at <a href="https://www.devopsschool.com/">DevOps School</a>, travel stories at <a href="https://www.holidaylandmark.com/">Holiday Landmark</a>, stock market tips at <a href="https://www.stocksmantra.in/">Stocks Mantra</a>, health and fitness guidance at <a href="https://www.mymedicplus.com/">My Medic Plus</a>, product reviews at <a href="https://www.truereviewnow.com/">TrueReviewNow</a> , and SEO strategies at <a href="https://www.wizbrand.com/">Wizbrand.</a> Do you want to learn <a href="https://www.quantumuting.com/">Quantum Computing</a>? <strong>Please find my social handles as below;</strong> <a href="https://www.rajeshkumar.xyz/">Rajesh Kumar Personal Website</a> <a href="https://www.youtube.com/TheDevOpsSchool">Rajesh Kumar at YOUTUBE</a> <a href="https://www.instagram.com/rajeshkumarin">Rajesh Kumar at INSTAGRAM</a> <a href="https://x.com/RajeshKumarIn">Rajesh Kumar at X</a> <a href="https://www.facebook.com/RajeshKumarLog">Rajesh Kumar at FACEBOOK</a> <a href="https://www.linkedin.com/in/rajeshkumarin/">Rajesh Kumar at LINKEDIN</a> <a href="https://www.wizbrand.com/rajeshkumar">Rajesh Kumar at WIZBRAND</a> <a href="https://www.rajeshkumar.xyz/dailylogs">Rajesh Kumar DailyLogs</a>

Related Posts

Linux

Java Installation Guide in Linux & Windows

· August 22, 2025 · 1 Comment

DOWNLOAD OPEN JDK & JRE JAVA PACKAGE FROM – https://jdk.java.net/archive/ Download and Install JDK/JRE 7 in Centos & RHEL Download and Install JDK/JRE 8 in Centos &…

Read More
Linux

Linux Tutorials: Commands for Linux Administrator

· March 3, 2025 · 0 Comment

1. sudo – Execute commands with elevated privileges, a fundamental for system administration. 2. useradd – Create a new user account, essential for managing user access. 3….

Read More
Linux

Linux Tutorials: How to troubleshoot Linux Server?

· January 14, 2024 · 0 Comment

If a linux-build-server suddenly starts getting slow, I would divide my approach / troubleshooting into 3 section as follows; System Level troubleshooting Application Level troubleshooting Dependent Services troubleshooting…

Read More
Linux

What is Linux and use cases of Linux?

· December 7, 2023 · 0 Comment

What is Linux? Linux is an open-source, Unix-like operating system kernel first created by Linus Torvalds in 1991. It serves as the foundation for a wide range…

Read More
Docker

Jenkins Tutorial: Install Jenkins on Ubuntu

· November 27, 2022 · 0 Comment

In this tutorial we are going to install Jenkins on Ubuntu operating system. Ubuntu is another debian based operating system – open sourced and highly loved by…

Read More
Linux

Linux Performance Monitoring Guide

· October 12, 2022 · 0 Comment

CPU Memory Network Storage Device and Input I/O Storage Capacity Storage Controller CPU Memory and I/O Interconnect Rajesh Kumar I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge…

Read More