Ask HN: Best Server Hardening Guide? 30 points by Kinnard 10y ago ↗ HN What are the best server hardening guides?
[–] api 10y ago ↗ (1) sudo netstat -tanp | grep LISTEN(2) For anything not listening to 127.0.0.1: what is it and do you need it?(3) If answer to #2 is "dunno" or "no," turn it off.:) [–] Kinnard 10y ago ↗ Nice.
[–] leni536 10y ago ↗ I used this for my iptables settings.https://wiki.archlinux.org/index.php/Simple_stateful_firewal...
[–] VarunAgw 10y ago ↗ Co-incidentally I got this in E-Mail as newsletterhttps://www.digitalocean.com/community/tutorials/7-security-...
[–] tmaly 10y ago ↗ stay away from ufw and stick with iptables. I had some ufw stuff fail on me and I discovered when I logged in that everything was open again.
[–] richardthered 10y ago ↗ Check out : https://benchmarks.cisecurity.org/downloads/multiform/They call them 'benchmarks', but they are really just checklists of things to do (disable X, lock down Y, etc.)
[–] e1ven 10y ago ↗ One quick note - You probably shouldn't be performing your server hardening manually on each server. It's easy to miss things.I'd suggest using an ansible/chef/puppet/whatever script, that you customize to meet the needs of your particular application.Some simple ones you could start with are available at http://tinyurl.com/AnsibleFirst5 and/or http://hardening.io/Expand to add additional configuration and hardening for your particular infrastructure.
[–] ch215 10y ago ↗ The Hardened Gentoo project page has a lot of useful information, guides on using Pax, grsecurity and so on...https://wiki.gentoo.org/wiki/Project:Hardened
[–] jlawer 10y ago ↗ Red Hat have a very good guide for RHEL / CentOS:https://access.redhat.com/documentation/en-US/Red_Hat_Enterp...NSA have also put out some good hardening guides
10 comments
[ 3.0 ms ] story [ 28.0 ms ] thread(2) For anything not listening to 127.0.0.1: what is it and do you need it?
(3) If answer to #2 is "dunno" or "no," turn it off.
:)
https://wiki.archlinux.org/index.php/Simple_stateful_firewal...
https://www.digitalocean.com/community/tutorials/7-security-...
They call them 'benchmarks', but they are really just checklists of things to do (disable X, lock down Y, etc.)
I'd suggest using an ansible/chef/puppet/whatever script, that you customize to meet the needs of your particular application.
Some simple ones you could start with are available at http://tinyurl.com/AnsibleFirst5 and/or http://hardening.io/
Expand to add additional configuration and hardening for your particular infrastructure.
https://wiki.gentoo.org/wiki/Project:Hardened
https://access.redhat.com/documentation/en-US/Red_Hat_Enterp...
NSA have also put out some good hardening guides