Skip to content

Commit e7e332c

Browse files
author
bad-antics
committed
Add Linux security hardening guide
1 parent c6b4561 commit e7e332c

1 file changed

Lines changed: 73 additions & 3 deletions

File tree

SECURITY.md

Lines changed: 73 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,75 @@
1-
# Security Policy
1+
# Linux Security Hardening Guide
22

3-
## Reporting a Vulnerability
3+
## Overview
4+
Comprehensive Linux security hardening procedures.
45

5-
Report security vulnerabilities via GitHub Security Advisories.
6+
## Kernel Hardening
7+
8+
### Sysctl Settings
9+
- ASLR configuration
10+
- Core dump restrictions
11+
- Exec shield
12+
- Panic settings
13+
14+
### Module Security
15+
- Module loading restrictions
16+
- Signing requirements
17+
- Blacklisting
18+
19+
### Syscall Filtering
20+
- seccomp profiles
21+
- Audit subsystem
22+
- SELinux/AppArmor
23+
24+
## Filesystem Security
25+
26+
### Permissions
27+
- umask settings
28+
- Sticky bits
29+
- SUID/SGID auditing
30+
- ACL implementation
31+
32+
### Mount Options
33+
- noexec
34+
- nosuid
35+
- nodev
36+
- read-only mounts
37+
38+
### Encryption
39+
- LUKS configuration
40+
- dm-crypt
41+
- ecryptfs
42+
- fscrypt
43+
44+
## Network Security
45+
46+
### Firewall
47+
- iptables/nftables
48+
- Default deny
49+
- Logging
50+
- Rate limiting
51+
52+
### Service Hardening
53+
- SSH configuration
54+
- Network services
55+
- Listening ports
56+
57+
## Authentication
58+
59+
### PAM Configuration
60+
- Password policies
61+
- Account lockout
62+
- Two-factor auth
63+
64+
### SSH Hardening
65+
- Key-based auth
66+
- Allowed users
67+
- Protocol settings
68+
69+
## Monitoring
70+
- auditd rules
71+
- Log management
72+
- AIDE/Tripwire
73+
74+
## Legal Notice
75+
For authorized system administration.

0 commit comments

Comments
 (0)