
Monday, October 1, 2012

RedHat Hardening Guide



1. Partitioning
Keep directories that users can write to on their own partition
· Prevents hard linking to setuid programs
· Allows precise control over mount options
· Allow minimal privileges via mount options
· noexec on everything possible
· nodev everywhere except / and chroot partitions
· nosuid everywhere except /
· Consider making /var/tmp a link to /tmp, or use the mount --bind option
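
One way to check the mount-option policy above on a running system, as an added example that is not part of the original guide. The function name audit_mounts, the list of user-writable mount points, the filesystem-type filter and the sample mount table are all assumptions made for illustration.

```sh
#!/bin/sh
# Audit mount options against the policy in section 1 (added example).
# Usage: audit_mounts "<chroot mount points>" < /proc/mounts
# $1 lists chroot mount points that may omit nodev (space-separated, may be empty).

# Assumption: mount points treated as user-writable and therefore required
# to carry noexec. Adjust per host.
NOEXEC_REQUIRED="/tmp /var/tmp /home /dev/shm"

audit_mounts() {
    awk -v exempt="$1" -v noexec="$NOEXEC_REQUIRED" '
    BEGIN {
        n = split(exempt, e, " "); for (i = 1; i <= n; i++) chroot[e[i]] = 1
        n = split(noexec, x, " "); for (i = 1; i <= n; i++) writable[x[i]] = 1
    }
    # Audit disk-backed filesystems and tmpfs only; skip proc, sysfs and
    # other pseudo filesystems (this fstype list is an assumption).
    $3 !~ /^(ext[234]|xfs|btrfs|tmpfs)$/ { next }
    {
        mp = $2
        split("", has)                      # clear options from previous line
        n = split($4, o, ","); for (i = 1; i <= n; i++) has[o[i]] = 1
        # nosuid everywhere except /
        if (mp != "/" && !("nosuid" in has)) print mp ": missing nosuid"
        # nodev everywhere except / and chroot partitions
        if (mp != "/" && !(mp in chroot) && !("nodev" in has)) print mp ": missing nodev"
        # noexec on user-writable mount points
        if ((mp in writable) && !("noexec" in has)) print mp ": missing noexec"
    }'
}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda2 /tmp ext4 rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nodev 0 0
/dev/sda5 /var ext4 rw,nosuid 0 0
/dev/sda6 /srv/chroot ext4 rw,nosuid 0 0'

# Report policy gaps in the sample, treating /srv/chroot as a chroot partition.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts "/srv/chroot"
```

On a live host, feed it the real table with `audit_mounts "" < /proc/mounts` and fix each reported mount point in /etc/fstab.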

2. Unused Daemon Removal
· Remove all daemons (and packages) not being used

3. Keep system time in sync

4. Apache
· Remove all unneeded modules
· Use mod_security to weed out injection attacks
· Set the correct SELinux booleans to maintain functionality and protection

5. Audit
· Install auditd
· The audit daemon will turn on kernel auditing at boot and load rules
· Review aureport output regularly
· aureport gives a system security summary report

6. Access Control
· Do not allow root logins from SSH
· Lock out an account after consecutive failed login attempts
· Disable booting from anything except the hard drive
· Do not allow booting from CD/DVD or USB devices
· Disable any unused hardware
· Protects against device driver flaws should any ever be found
· After making sure to disallow USB booting, you don't want anyone to undo it
