The beauty of Linux is that it is so accessible and freely available that it is easy to get up and running with very little training or knowledge. The web-based support community places all the tips and tutorials you'll ever need to carry out any Linux set-up task or troubleshoot issues you may experience.
Finding and interpreting the right hardening checklist for your Linux hosts may still be a challenge so this guide gives you a concise checklist to work from, encompassing the highest priority hardening measures for a typical Linux server.
NNT Change Tracker Enterprise has been certified by the CIS to 100% accurately audit all RHEL, CentOS, Ubuntu, SUSE and other Linux, identifying where vulnerable configuration settings are present and explaining in plain English, how to mitigate them.
RHEL 7 Hardened Services List
Chrony Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Install
Command: yum install chrony
Chrony Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Enable
Command: systemctl enable chronyd
Lightweight Directory Access Protocol (LDAP) Client Services
Action: Remove
Command: yum erase openldap-clients
Lightweight Directory Access Protocol Server (LDAP)
Action: Disable
Command: systemctl disable slapd
Network Information Service Server (NIS) (Yellow Pages)
Action: Disable
Command: systemctl disable ypserv
NTP Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Install
Command: yum install ntp
NTP Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Enable
Command: systemctl enable ntpd
Trivial File Transfer Protocol Server (TFTP.socket) Service
Action: Disable
Command: systemctl disable tftp.socket
CentOS 7 Hardened Services List
Chrony Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Install
Command: yum install chrony
Chrony Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Enable
Command: systemctl enable chronyd
Lightweight Directory Access Protocol (LDAP) Client Services
Action: Remove
Command: yum erase openldap-clients
Lightweight Directory Access Protocol Server (LDAP)
Action: Disable
Command: systemctl disable slapd
Network Information Service Server (NIS) (Yellow Pages)
Action: Disable
Command: systemctl disable ypserv
NTP Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Install
Command: yum install ntp
NTP Service
(CIS guidance is to use 'at least two synchronized time sources from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent')
Action: Enable
Command: systemctl enable ntpd
Trivial File Transfer Protocol Server (TFTP.socket) Service
Action: Disable
Command: systemctl disable tftp.socket
