More coming, but start with these important hardening practices

GrapheneGoat’s tips for hardening our Linux boxes

Install a VPN

Custom DNS

UFW / GUFW

Disable IPv6

General practices that also help you improve and maintain the security of your Linux system

Always update your machine. There are security and bug updates daily on most distros.

sudo apt update && sudo apt upgrade -y

For automatic updates, install unattended-upgrades:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Remove unnecessary packages (reduce attack surface):

sudo apt-get remove --purge <package_name>
sudo apt-get autoremove

Disable unused services (such as FTP, SSH, Bluetooth, etc.):

sudo systemctl disable <service_name>
sudo systemctl stop <service_name>

Disable root login via SSH. Edit the /etc/ssh/sshd_config file, changing or adding this line, then reload sshd:

PermitRootLogin no

sudo systemctl reload sshd

If you need to SSH into the machine, use SSH keys rather than a password. Edit the /etc/ssh/sshd_config file, then reload sshd:

PasswordAuthentication no
PubkeyAuthentication yes

sudo systemctl reload sshd
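
An added example, not from the original post: sshd uses the first value it reads for each keyword, so a drop-in file under /etc/ssh/sshd_config.d/ can override an edit made in sshd_config. This check reads the effective settings printed by sshd -T and compares them with the three values above; the function name check_sshd_effective and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Real use: sudo sshd -T | check_sshd_effective
# (sshd -T prints the effective config as lowercase "keyword value" lines.)
# check_sshd_effective is a hypothetical helper name, not part of OpenSSH.
check_sshd_effective() {
    awk '
    BEGIN {
        bad = 0
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["pubkeyauthentication"] = "yes"
    }
    {
        key = tolower($1)
        # Only the three hardened keywords matter; the first value seen wins.
        if (!(key in want) || (key in seen)) next
        seen[key] = 1
        val = tolower($2)
        if (val == want[key]) {
            printf "OK    %s %s\n", key, val
        } else {
            printf "FAIL  %s %s (want %s)\n", key, val, want[key]
            bad = 1
        }
    }
    END {
        # A keyword that never appeared cannot be confirmed, so it fails too.
        for (key in want) if (!(key in seen)) {
            printf "FAIL  %s missing from input\n", key
            bad = 1
        }
        exit bad
    }'
}

# Constructed sample: password logins are still enabled in the effective config.
SAMPLE_WEAK='permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'

# Constructed sample: all three settings match the values recommended above.
SAMPLE_HARDENED='permitrootlogin no
passwordauthentication no
pubkeyauthentication yes'

# Demo on the constructed weak sample; the function returns non-zero on any FAIL.
printf '%s\n' "$SAMPLE_WEAK" | check_sshd_effective || echo "sshd needs attention"
```

Run the check after every reload, since the exit status reflects what sshd will actually enforce rather than what one file says.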

Consider using an IDS (intrusion detection system)

Use Encryption for sensitive data

Back up your data! Follow the 3-2-1 data backup rule

Use a Home Firewall running pfSense


May your Linux journey be as wonderful as this, with just a little help…