Common approaches to securing Linux servers and what runs on them.

  • Access control lists (ACLs)…
  • System auditing…
  • Static analysis and fuzzing…
  • Network segmentation…
  • Compartmentalization…
  • File permissions and umask…
  • Containers…
  • Utilizing threat intelligence…
  • Firewall and packet filters…
  • DNS and domain registrar…
  • Physical access…
  • Do you have deterministic builds?
  • Verifying digital signatures…
  • Have you sandboxed your application(s)?
  • TLS and crypto configuration…
  • Keys and secrets management…
  • HTTP security headers…
  • File integrity monitoring…
  • Intrusion detection…
  • Vulnerability assessment…
  • Security of the base system…
  • LSMs (Linux Security Modules)
  • Linux kernel hardening and enhancement…
  • Removing unnecessary devices…
  • Are you aggregating, parsing and alerting upon your logs?
  • How well are you monitoring resource usage?
  • Infrastructure tests…
  • Platform and firmware security…
  • Protecting the remote shell…
  • Webserver best practices…
  • Secondary factors…
  • DNS resolution…
  • Audit trusted parties…
  • Signing git commits and tags…

Linux sysadmin/DevOps/SRE privacy & transparency activist 0xB604C32AD5D7C6D8

Kevin M. Gallagher
