Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours on Instagram and YouTube and waste money on coffee and fast food, but won’t spend 30 minutes a day learning skills to boost our careers.
Master in DevOps, SRE, DevSecOps & MLOps!

Learn from Guru Rajesh Kumar and double your salary in just one year.


Get Started Now!

Complete Referance of Hardening in Linux Security

  • System Hardening Overview
  • Batille
  • Securing X-Windows
  • Securing Linux Daemons
  • Security patches
  • Security Benchmarks

System Hardening Overview

  • Linux, like other operatingsystems, is not secure “out of the box”
  • Security increases as newer versions and distros come out
  • Users/administrators still need to take steps to “harden” systems
  • Items typically requiring securing/hardening include:
  • X-Windows
  • System daemons
  • Networking services

Bastille

  • Scripts walk SA through several modules, automates changing a large number of configurable system items
  • Has modules for checking and configuring Internet services, suid(set-user-ID) files, account and boot security, and TCP wrappers
  • Bastille program is available from http://bastille-linux.sourceforge.net/
  • Bastille currently supports most distros of Linux and Unix including:
  • Red Hat, SuSe, Debian, Gentoo, Mandrake, and HP-UX

Securing X-Windows

  • X-windows is Graphical Interface for Linux
  • Comes with most distributions,but is ot part of them
  • Used to access systems both locally and remotely
  • X is a Protocol and set of utilities
  • Client-server design
  • Runs from the X server, and provides keyboard, mouse and video
  • Not configured securely by default
  • Signals can get intercepted btween x-server and client(either remote or local)
  • Several ways of securing X
  • xhost – controls authentication to x erver on a host basis
  • X server maintains lists of allowed hosts
  • xhost allows hosts to be added/deleted from list
  • Vulnerabilities: Host spoofing, sessions are per host, not per user
  • xauth – controls authentication through .Xauthority
  • .Xauthority file contains authentication ‘cookie’ that client must send to server
  • Best security mechanism is using X windows over ssh
  • Authentication can be controlled and audited through user credentials
  • communications traffic between x client and X erver is encrypted

Securing Linux Daemons

  • Daemons are same as Windows services
  • Programs that run in background to accomplish system tasks
  • Often run with a set of credentials and privilege levels
  • Securing Linux Daemons is to not install unnecessary ones!.
  • Best way to secure daemons is to not install unnessary ones!
  • Don’t use “Install Everything” option during installation
  • Install services according to machine role
  • Use ‘ps’ and ‘netstat’ commands to determine what services are running and network connections established by them
  • Many Daemons turned on/off in /etc/inetd.conf – edit this file to selectively disable services that are not needed
  • Recompiling kernel is another way to secure services
  • Generate learner kernel with only daemons you need supported
  • Eliminates risk of daemons being reconfigured or restarted

Security Patches

  • Even after initial hardening, Linux can still be insecure
  • New vulnerabilities discovered every day
  • Security patches issued to counter threats and fix vulnerabilities
  • Most current distros have automated patch utility
  • Connects to trusted centralized site and downloads latest patches
  • Usually provides patches for OS and popular software apps included in distro
  • Third party apps frequently need patches from different vendors
  • Usually manual download and installation process
  • Download patches only from trusted sites
  • Verify hashes provided with patches to ensure file integrity
  • Many utilities to download and install security patches
  • Up2date, YUM, and YaST are a few
  • Get familiar with your distro’s update utilities

Security Benchmarks

  • Several free and commercial tools exist to test/measure security on Linux
  • Benchmarks available for almost all distros
  • Usually automated tool that checks security of daemons, processes, accounts,permissions , etc.
  • Nessus is free valnerability scanner provided with most distros
  • Uses frequently updated database of vulnerabilities
  • Can be used for single or multiple machines
  • Uses client/server architecture

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.