Documentation
>
Security and Hardening Guide
>
◀
Part II. General System Security and Service Protection Methods
Contents
2. Introduction
3. Linux Security in
“
General
”
3.1. Physical Security
3.2. Locking down the BIOS
3.3. Security via the Boot Loaders
3.4. Verifying Security Action with seccheck
3.5. Retiring Linux Servers with Sensitive Data
3.6. Backups
3.7. Disk Partitions
3.8. Firewall (iptables)
3.9. Security Features in the Kernel
3.10. AppArmor
3.11. SELinux
3.12. FTP,
telnet
, and
rlogin
(rsh)
3.13. Removing Unnecessary Software Packages (RPMs)
3.14. Patching Linux Systems
3.15. Securing the Network - Open Network Ports Detection
3.16. Disabling Runlevel Services
3.17.
xinetd
Services - Disabling
3.18. Reviewing Inittab and Boot Scripts
3.19. Restricting System Access from Servers and Networks
3.20. Securing SSH
3.21. Securing Postfix
3.22. Filesystems: Securing NFS
3.23. Copying Files Using SSH Without Providing Login Prompts
3.24. Checking File Permissions and Ownership
3.25. Default umask
3.26. SUID/SGID Files
3.27. World-Writable Files
3.28. Orphaned or Unowned Files
3.29. Various Account Checks
3.30. Single User Mode Password for
root
3.31. Enabling Password Aging
3.32. Stronger Password Enforcement
3.33. Leveraging an Effective pam-stack
3.34. Preventing Accidental Denial of Service
3.35. Displaying Login Banners
3.36. Miscellaneous