Linux Hardening

Linux Hardening — Blog https://linux-hardening.vercel.app/en/blog Latest from Blog en Thu, 25 Jun 2026 18:49:39 GMT Audit Linux Hardening with Lynis, CIS & OpenSCAP https://linux-hardening.vercel.app/en/blog/audit-with-lynis-cis https://linux-hardening.vercel.app/en/blog/audit-with-lynis-cis Measure Linux hardening with CIS Benchmarks, DISA STIG and ANSSI-BP-028 using Lynis and OpenSCAP, then automate and track remediation. Florian Amette Wed, 03 Jun 2026 00:00:00 GMT Intrusion Detection on Linux with AIDE and fail2ban https://linux-hardening.vercel.app/en/blog/aide-fail2ban-detection https://linux-hardening.vercel.app/en/blog/aide-fail2ban-detection Detect breaches early with file integrity monitoring (AIDE), brute-force protection (fail2ban), and rootkit scanners as part of defense in depth. Florian Amette Wed, 27 May 2026 00:00:00 GMT Boot & Physical Security: GRUB, LUKS, Secure Boot https://linux-hardening.vercel.app/en/blog/boot-grub-luks-hardening https://linux-hardening.vercel.app/en/blog/boot-grub-luks-hardening Harden the Linux boot chain against console access, stolen disks and evil-maid attacks with GRUB passwords, LUKS encryption and Secure Boot. Florian Amette Wed, 20 May 2026 00:00:00 GMT Automatic Security Updates on Linux https://linux-hardening.vercel.app/en/blog/automatic-security-updates https://linux-hardening.vercel.app/en/blog/automatic-security-updates Keep Linux patched automatically with unattended-upgrades and dnf-automatic, trusted repositories, and a reduced package surface. Florian Amette Wed, 13 May 2026 00:00:00 GMT Auditd & Journald: A Logging Baseline https://linux-hardening.vercel.app/en/blog/auditd-logging-baseline https://linux-hardening.vercel.app/en/blog/auditd-logging-baseline Build a tamper-resistant logging baseline on Linux with persistent journald, the auditd framework, sensitive-file watches, and off-host log shipping. Florian Amette Wed, 06 May 2026 00:00:00 GMT SELinux & AppArmor: Confining Linux with MAC https://linux-hardening.vercel.app/en/blog/selinux-apparmor-confinement https://linux-hardening.vercel.app/en/blog/selinux-apparmor-confinement Add Mandatory Access Control to Linux with SELinux and AppArmor. Keep SELinux enforcing, read denials, and fix policy instead of disabling it. Florian Amette Tue, 28 Apr 2026 00:00:00 GMT Sandboxing systemd Services to Cut Attack Surface https://linux-hardening.vercel.app/en/blog/systemd-service-sandboxing https://linux-hardening.vercel.app/en/blog/systemd-service-sandboxing Enumerate, disable, score and sandbox systemd units with drop-ins to shrink the attack surface of every Linux service you run. Florian Amette Wed, 15 Apr 2026 00:00:00 GMT Filesystem & Mount Hardening on Linux https://linux-hardening.vercel.app/en/blog/filesystem-mount-hardening https://linux-hardening.vercel.app/en/blog/filesystem-mount-hardening Harden Linux filesystems with nodev/nosuid/noexec mount options, audit SUID/SGID binaries, fix world-writable files, and tighten permissions on sensitive paths. Florian Amette Thu, 02 Apr 2026 00:00:00 GMT Kernel Hardening with sysctl, Modules & Lockdown https://linux-hardening.vercel.app/en/blog/kernel-sysctl-hardening https://linux-hardening.vercel.app/en/blog/kernel-sysctl-hardening Harden the Linux kernel with sysctl tunables, module blacklisting, and lockdown mode. Practical /etc/sysctl.d and modprobe.d examples with verification. Florian Amette Thu, 19 Mar 2026 00:00:00 GMT nftables Firewall Baseline for Linux Servers https://linux-hardening.vercel.app/en/blog/nftables-firewall-baseline https://linux-hardening.vercel.app/en/blog/nftables-firewall-baseline Build a default-deny nftables firewall, harden network sysctls, and shrink your exposed service footprint on any Linux server. Florian Amette Wed, 04 Mar 2026 00:00:00 GMT Least-privilege accounts and sudo on Linux https://linux-hardening.vercel.app/en/blog/least-privilege-accounts https://linux-hardening.vercel.app/en/blog/least-privilege-accounts Enforce strong passwords, account lockout, password aging, secure sudo drop-ins and a tight umask to apply least privilege on Linux systems. Florian Amette Tue, 17 Feb 2026 00:00:00 GMT Harden SSH access on Linux https://linux-hardening.vercel.app/en/blog/harden-ssh-access https://linux-hardening.vercel.app/en/blog/harden-ssh-access Move SSH to key-only authentication, disable root login, and lock down sshd with a battle-tested configuration. Florian Amette Tue, 03 Feb 2026 00:00:00 GMT