Skip to content
Linux Hardening

Guides

nftables Firewall Baseline for Linux Servers
Build a default-deny nftables firewall, harden network sysctls, and shrink your exposed service footprint on any Linux server.
nftablesfirewallnetworksysctl
Least-privilege accounts and sudo on Linux
Enforce strong passwords, account lockout, password aging, secure sudo drop-ins and a tight umask to apply least privilege on Linux systems.
userssudopamleast-privilege
Harden SSH access on Linux
Move SSH to key-only authentication, disable root login, and lock down sshd with a battle-tested configuration.
sshauthenticationaccess-controlserver