Linux hardening: A 15-step checklist for a secure Linux server

Page 2 of 2

# chown root:root /etc/group

Set User/Group Owner and Permission on the “shadow” file

# chmod 600 /etc/shadow

# chown root:root /etc/shadow

Set User/Group Owner and Permission on the “gshadow” file

# chmod 600 /etc/gshadow

# chown root:root /etc/gshadow

15- Additional process hardening

For this last item in the list, I’m including some additional tips that should be considered when hardening a Linux host.

First, restrict core dumps by:

  • Adding hard core 0 to the “/etc/security/limits.conf” file
  • Adding fs.suid_dumpable = 0 to the “/etc/sysctl.conf” file

Second, configure Exec Shield by:

  • Adding kernel.exec-shield = 1 to the “/etc/sysctl.conf” file

Third, enable randomized Virtual Memory Region Placement by:

  • Adding kernel.randomize_va_space = 2 to the “/etc/sysctl.conf” file
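
An added example (not from the original article): a POSIX shell audit that reads copies of the two files named above and reports whether each step-15 setting is in effect, treating the last assignment of a key as the effective one. The function names, the `*` domain on the limits.conf entry and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the step-15 settings in copies of the config files.

# Print the effective value of KEY in a sysctl.conf-style file.
# Comment lines (# or ;) are skipped; the last assignment wins.
sysctl_conf_value() {  # $1 = file, $2 = key
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Succeed if a limits.conf-style file caps core size at 0 for every user.
# Assumes the "*" domain; type "-" sets both soft and hard limits.
core_dumps_limited() {  # $1 = file
    awk '
        /^[ \t]*#/ { next }
        $1 == "*" && ($2 == "hard" || $2 == "-") && $3 == "core" { val = $4 }
        END { exit ((val == "0") ? 0 : 1) }' "$1"
}

# Print PASS/FAIL per setting; return the number of failed checks.
audit_step15() {  # $1 = sysctl.conf, $2 = limits.conf
    fails=0
    # kernel.exec-shield only exists on kernels with Red Hat's Exec Shield patch.
    for pair in fs.suid_dumpable=0 kernel.exec-shield=1 kernel.randomize_va_space=2; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sysctl_conf_value "$1" "$key")
        if [ "$got" = "$want" ]; then echo "PASS $key = $got"
        else echo "FAIL $key = ${got:-unset} (want $want)"; fails=$((fails + 1)); fi
    done
    if core_dumps_limited "$2"; then echo "PASS * hard core 0"
    else echo "FAIL no '* hard core 0' entry"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files: ASLR is later overridden to 1, exec-shield is absent.
tmp=$(mktemp -d)
printf '%s\n' '# sample' 'fs.suid_dumpable = 0' 'kernel.randomize_va_space=2' \
    'kernel.randomize_va_space = 1' > "$tmp/sysctl.conf"
printf '%s\n' '#* hard core 0' '*    hard    core    0' > "$tmp/limits.conf"
audit_step15 "$tmp/sysctl.conf" "$tmp/limits.conf" || echo "$? check(s) failed"
rm -rf "$tmp"
```

To audit a live host, pass /etc/sysctl.conf and /etc/security/limits.conf; `sysctl -n <key>` shows the value the running kernel is actually using.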

Final words

In this short post, we covered many important configurations for Linux security. But we’ve just scratched the surface of Linux hardening—there are a lot of complex, nitty-gritty configurations. To learn more about how to harden your Linux servers for better security, check out my courses on Pluralsight.

Gus Khawaja is a security consultant and author at Pluralsight. He works in security, IT and Web application development and creates courses for Pluralsight. Gus has successfully delivered and developed IT solutions for companies throughout Canada. After many years of experience in computer science, he has turned his attention to cyber security and the importance that security brings to this minefield. His passion for ethical hacking mixed with his background in programming and IT make him a wise Swiss Army Knife professional in the computer science field.

This story, "Linux hardening: A 15-step checklist for a secure Linux server" was originally published by Network World.

Copyright © 2016 IDG Communications, Inc.
