Security

20 guides for hardening and securing Linux systems.

Security is not a product, but a process. These guides cover defense-in-depth strategies for Linux systems including system hardening, authentication, encryption, auditing, and security tools.

20
Guides
5
Categories
CIS
Benchmark Aligned

System Hardening

Linux System Hardening

intermediate

Comprehensive guide to hardening Linux systems against attacks.

linuxhardeningsecuritycis benchmarks

SSH Security Hardening

beginner

Secure SSH configuration and best practices for remote access.

sshopensshremote accesskey authentication

Kernel Security Hardening

advanced

Kernel parameters and configurations for enhanced security.

kernelsysctlsecurityhardening

Service Hardening

intermediate

Secure configuration of common system services.

servicessystemdhardeningsecurity

Authentication

PAM Configuration

advanced

Pluggable Authentication Modules configuration and security.

pamauthenticationlinuxsecurity

SSH Key Management

beginner

Secure SSH key generation, deployment, and management.

ssh keysed25519rsapublic key

LDAP Authentication

advanced

Centralized authentication with LDAP and Active Directory integration.

ldapactive directoryopenldapcentralized auth

Two-Factor Authentication

intermediate

Implementing TOTP and other 2FA methods for Linux systems.

2fatotpgoogle authenticatormfa

Encryption

GPG/PGP Encryption

intermediate

GNU Privacy Guard for file encryption and email signing.

gpgpgpencryptionsigning

LUKS Disk Encryption

intermediate

Full disk encryption with LUKS for Linux systems.

luksdisk encryptioncryptsetupdm-crypt

SSL/TLS Certificates

intermediate

SSL/TLS certificate management, best practices, and implementation.

ssltlscertificateshttps

File Encryption

beginner

Encrypt individual files and directories with various tools.

file encryptionageopensslencrypted files

Auditing

Linux Audit System (auditd)

advanced

Configure the Linux audit framework for security monitoring.

auditdauditloggingsecurity monitoring

Log Analysis and Management

intermediate

Centralized logging, analysis, and security monitoring.

logssyslogjournaldrsyslog

Intrusion Detection Systems

advanced

Host and network-based intrusion detection with OSSEC, Snort, and Suricata.

idsintrusion detectionossecsnort

File Integrity Monitoring

intermediate

Monitor file changes with AIDE, Tripwire, and other FIM tools.

file integrityaidetripwirefim

Tools

nmap Network Scanner

intermediate

Network discovery and security auditing with nmap.

nmapnetwork scannerport scanningsecurity audit

Lynis Security Auditing

beginner

Automated security auditing and hardening suggestions with Lynis.

lynissecurity audithardeningcompliance

fail2ban Intrusion Prevention

beginner

Protect services from brute-force attacks with fail2ban.

fail2banbrute forceintrusion preventionssh protection

ClamAV Antivirus

beginner

Open-source antivirus for Linux servers and mail gateways.

clamavantivirusmalwarevirus scanner

Security Principles

  • +Defense in Depth - Multiple layers of security controls
  • +Least Privilege - Minimum permissions necessary
  • +Fail Secure - Default to secure state on failure
  • +Zero Trust - Never trust, always verify
  • +Audit Everything - Log and monitor all activity
  • +Keep Updated - Patch vulnerabilities promptly

We use cookies to enhance your experience. Learn more