the-practical-linux-hardening-guide
the-practical-linux-hardening-guide copied to clipboard
trimstray
This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
- https://static.open-scap.org/ssg-guides/ssg-centos7-guide-pci-dss.html - https://www.open-scap.org/resources/documentation/make-a-rhel7-server-compliant-with-pci-dss/
[Disable TCP SACK](https://github.com/trimstray/linux-hardening-checklist/pull/1)
I always think that checklists such as this -i.e. especially security-oriented ones- would be much more useful, as they would let you learn the why behind the how, if they...
I'm fairly certain that there's a typo in this section https://github.com/trimstray/the-practical-linux-hardening-guide/wiki/OpenSSH#set-authentication-attempt-limit ``` MaxAuthTries tries ``` Shouldn't this configuration line be set to a numerical value? In the [C2S/CIS: No-CCE (Medium)](https://static.open-scap.org/ssg-guides/ssg-rhel7-guide-C2S.html#xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries)...
# Auditd lremovexattr has duplicate rules because there are two 32 bit rules instead of one 32 and one 64 ## Record events that modify the system's discretionary access controls...
I cannot seem to access the pages from "Logging & Auditing" downwards on the navigation.
To prevent an attacker from tampering with GRUB, you can sign all the GRUB files. More info: https://www.gnu.org/software/grub/manual/grub/html_node/Using-digital-signatures.html
