Linux

Below are some specific options to improve the security of your system. Some Linux-specific notes were already described in the general section. Here is a checklist to follow:

  • SSH

    • Disable root access for SSH. Use a new user account for SSH.

    • Change the SSH port from the default (22) to a different port.

    • Disable “Password Login Authentication” for SSH.

      • Use a private/public key pair. Create it with one of the following key types:

        • RSA 4096 (or above)

        • Or use Ed25519

  • Enable and configure UFW (Firewall)

    • If the system is a server for a specific application, start by blocking ALL traffic and allow only what is needed. On a day-to-day workstation this may be harder to achieve, so there you can instead block only what is needed.

  • Use an IDS, such as Snort.

  • Use an IPS, such as Fail2Ban. It is great for intrusions and attacks such as DDoS.

  • Monitor traffic with tools such as netstat or nmap

    • netstat -tulpn, ss -tulpn, or the -sT option for nmap

  • Use SELinux – Some benefits are:

    • RBAC (Role Based Access Control) for user accounts

    • Rule based access for ports, processes, files, and directories
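
The SSH items in the checklist above can be checked against an existing sshd_config. The script below is an added example, not part of the original checklist; its function names are illustrative. It assumes upstream OpenSSH defaults for unset keywords (Port 22, PermitRootLogin prohibit-password, PasswordAuthentication yes), reads only the global section before the first Match block, and does not follow Include directives.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the SSH checklist items.

# global_directives FILE: print "keyword value" (lowercased) for each directive
# before the first Match block; comments and blank lines are dropped.
global_directives() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # strip indentation (re-splits fields)
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        { print tolower($1), tolower($2) }' "$1"
}

# first_value FILE KEYWORD DEFAULT: sshd keeps the first value it reads for a keyword.
first_value() {
    v=$(global_directives "$1" | awk -v k="$2" '$1 == k { print $2; exit }')
    echo "${v:-$3}"
}

# audit_sshd FILE: print one FAIL line per unmet checklist item;
# return 0 if all three items are met, 1 otherwise.
audit_sshd() {
    rc=0
    root=$(first_value "$1" permitrootlogin prohibit-password)
    pw=$(first_value "$1" passwordauthentication yes)
    ports=$(global_directives "$1" | awk '$1 == "port" { print $2 }')
    [ "$root" = no ] || { echo "FAIL root login: PermitRootLogin $root"; rc=1; }
    [ "$pw" = no ] || { echo "FAIL password login: PasswordAuthentication $pw"; rc=1; }
    # Every Port line is listened on; with none set, sshd uses 22.
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL default port: sshd listens on 22"; rc=1
    fi
    return $rc
}

# Constructed sample config for demonstration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "checklist items unmet"
rm -f "$sample"
```

On a live host, sshd -T prints the effective configuration (Include files and defaults resolved) in the same keyword/value form, so its output can be saved to a file and passed to audit_sshd.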
