Linux

Track the tasks required to secure a Linux system.

1. Web server

1.1. Shared

1.1.1. First virtual host should block access or default to static page

1.1.2. Sub task

1.1.3. Sub task

1.2. Isolated

1.2.1. Sub task

1.2.2. Sub task

1.2.3. Sub task

2. SSH

2.1. Disable password login

2.2. Disable root login

2.3. Use public/private key cryptography

2.4. SSH banner

2.5. Specify access method

2.6. Limit root allowed access

3. Mail server

3.1. Task

3.1.1. Sub task

3.1.2. Sub task

3.1.3. Sub task

3.2. Task

3.2.1. Sub task

3.2.2. Sub task

3.2.3. Sub task

4. System Integrity

4.1. Tripwire

4.2. Synchronized Time Server

4.2.1. chronyd

4.3. Package manager

4.3.1. Check for security updates

5. Basic commands

5.1. ~# last

5.2. ~# lastb

5.3. ~# w

6. System Statistics

6.1. $ sar

6.2. $ iostat

6.3. $ mpstat

6.4. $ sadc

6.5. $ sa1

6.6. $ sa2

6.7. $ sadf

7. Log analysis

7.1. Logwatch

7.2. LogCheck

8. Tips

8.1. Turn on SELinux

8.2. Enable firewall

8.3. Disable unused accounts

8.4. Do not use FTP, use SFTP

8.5. Whitelisting your IP is not a solution

8.6. Separate partitions

8.7. Use TPM wherever possible

8.8. ~$ lsb_release -a

9. Sockets

9.1. ~# ss --listening --tcp --udp | less

10. THIS SIDE IS FOR SYSTEM

11. THIS SIDE IS FOR SERVICES

12. Log server

13. DNS

13.1. DNSSEC

14. Virtualization

14.1. Server consolidation

14.2. Service isolation

14.3. Server provisioning

14.4. Disaster recovery