# Linux

* SSH
  * Disable root access for SSH. Use a new user account for SSH.
  * Change the default port (22) for SSH to something other than 22.
  * Disable “Password Login Authentication” for SSH.
    * Use a private/public key pair. Generate it with one of the following key types:
      * RSA 4096 (or above)
      * Ed25519
* Enable and configure UFW (Firewall)
  * If the machine is a server for a specific application, start by blocking ALL traffic and allow only what is needed. On a day-to-day workstation this may be harder to achieve, so instead block only what is needed.
* Use an IDS, such as Snort.
* Use an IPS, such as Fail2Ban. Great for intrusions and attacks such as DDoS.
* Monitor traffic with tools such as netstat or nmap
  * `netstat -tulpn`, `ss -tulpn`, or `-sT` for nmap
* Use SELinux. Some benefits are:
  * RBAC (Role Based Access Control) for user accounts
  * Rule based access for ports, processes, files, and directories
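
The SSH items at the top of this list can be checked against a config file. The script below is an added example, not part of the original checklist; the function names and both sample configs are constructed for illustration, and it assumes the standard OpenSSH keywords `PermitRootLogin`, `PasswordAuthentication` and `Port` with their OpenSSH defaults.

```sh
#!/bin/sh
# Added example: audit an sshd_config against the SSH checklist items.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a missing keyword falls back to the OpenSSH default.

# effective_value FILE KEYWORD DEFAULT: print the value sshd would apply.
# Assumption: global section only; Include files and Match blocks are not followed.
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" too
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        tolower($1) == "match" { exit }          # stop where conditional blocks begin
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print PASS/FAIL per item; exit status = number of FAILs.
audit_sshd() {
    fails=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    port=$(effective_value "$1" Port 22)
    if [ "$root" = "no" ]; then echo "PASS root login disabled"
    else echo "FAIL PermitRootLogin is '$root'"; fails=$((fails + 1)); fi
    if [ "$pass" = "no" ]; then echo "PASS password login disabled"
    else echo "FAIL PasswordAuthentication is '$pass'"; fails=$((fails + 1)); fi
    if [ "$port" != "22" ]; then echo "PASS non-default port $port"
    else echo "FAIL still listening on port 22"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample configs (not from a real host).
SAMPLES=$(mktemp -d)
WEAK="$SAMPLES/weak_sshd_config"; HARDENED="$SAMPLES/hardened_sshd_config"
cat > "$WEAK" <<'EOF'
#Port 2222
#PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
EOF
cat > "$HARDENED" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
EOF

echo "== weak ==";     audit_sshd "$WEAK"     || echo "-> $? item(s) to fix"
echo "== hardened =="; audit_sshd "$HARDENED" && echo "-> all SSH items met"
```

The weak sample fails all three items even though it contains `PasswordAuthentication no`: the earlier `yes` wins and the commented-out lines leave the defaults in place. On a live host, `sshd -T` prints the effective configuration that sshd itself resolves.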

