Linux Server Hardening

LATEST BLOG:

Triton Malware Found Inside Second CNI Facility

NNT

System Hardening and Vulnerability Management

Server Hardening Resources

Linux Server Hardening

The Linux Paradigm

The beauty of Linux is that it is so accessible and freely available that it is easy to get up and running with very little training or knowledge. The web-based support community places all the tips and tutorials you'll ever need to carry out any Linux set-up task or troubleshoot issues you may experience.

Finding and interpreting the right hardening checklist for your Linux hosts may still be a challenge so this guide gives you a concise checklist to work from, encompassing the highest priority hardening measures for a typical Linux server.

NNT Change Tracker Enterprise has been certified by the CIS to 100% accurately audit all RHEL, CentOS, Ubuntu, SUSE and other Linux, identifying where vulnerable configuration settings are present and explaining in plain English, how to mitigate them.

Hardened Linux Service Configurations

RHEL 7 Hardened Services List

RHEL 7 Hardened Services List

Audit (auditd) Service

Audit (auditd) Service

Action: Enable
Command: systemctl enable auditd

Avahi Server

Berkeley RSH-Server (rsh-server) Service

Chargen Server (chargen-dgram) Service

Chargen Server (chargen-stream) Service

Chrony Service

Chrony Service

Common Unix Print System (CUPS)

CRON Scheduler (crond) Service

Daytime Server (daytime-dgram) Service

Daytime Server (daytime-stream) Service

DHCP Server (dhcpd)

Discard Server (discard-dgram) Service

Discard Server (discard-stream) Service

DNS Server (named)

Echo Server (echo-stream) Service

Echo Server (echo-dgram) Service

Email Server Services (dovecot)

eXtended InterNET Daemon (xinetd) Service

Firewall (firewalld) Service

FTP Server (vsftpd)

HTTP Proxy Server (squid)

HTTP Server (httpd)

IPTables Service

IPTables Service

Lightweight Directory Access Protocol (LDAP) Client Services

Lightweight Directory Access Protocol Server (LDAP)

MCS Translation Service (mcstrans)

Network File System Service (NFS)

Network Information Service (NIS)

Network Information Service Server (NIS) (Yellow Pages)

NTP Service

NTP Service

Red Hat Network Service Daemon (RHNSD) Service

RPCbind Service (rpcbind)

RSH Client Services (rsh , rcp and rlogin)

RSH Server (rexec.socket) Service

RSH Server (rlogin.socket) Service

RSH Server (rsh.socket) Service

RSYNC Server (rsyncd) Service

Rsyslog (rsyslog) Service

Rsyslog (rsyslog) Service

Syslog-NG (syslog-ng) Service

Syslog-NG (syslog-ng) Service

Samba Server (SMB)

SETroubleshoot Service (SETroubleshoot)

SNMP Server (snmpd)

Talk Client Services

Talk Server (ntalk) Service

Telnet Client (telnet) Service

Telnet Server (telnet.socket) Service

Telnet Server (telnet-server) Service

tftp-server

Time Server (time-dgram) Service

Time Server (time-stream) Service

Trivial File Transfer Protocol (TFTP)

Trivial File Transfer Protocol Server (TFTP) Service

Trivial File Transfer Protocol Server (TFTP.socket) Service

X Window System (xorg-x11-server-common)

Download the RHEL7 Hardened Services List

CentOS 7 Hardened Services List

CentOS 7 Hardened Services List

Audit (auditd) Service

Audit (auditd) Service

Action: Enable
Command: systemctl enable auditd

Avahi Server

Berkeley RSH-Server (rsh-server) Service

Chargen Server (chargen-dgram) Service

Chargen Server (chargen-stream) Service

Chrony Service

Chrony Service

Common Unix Print System (CUPS)

CRON Scheduler (crond) Service

Daytime Server (daytime-dgram) Service

Daytime Server (daytime-stream) Service

DHCP Server (dhcpd)

Discard Server (discard-dgram) Service

Discard Server (discard-stream) Service

DNS Server (named)

Echo Server (echo-stream) Service

Echo Server (echo-dgram) Service

Email Server Services (dovecot)

eXtended InterNET Daemon (xinetd) Service

Firewall (firewalld) Service

FTP Server (vsftpd)

HTTP Proxy Server (squid)

HTTP Server (httpd)

IPTables Service

IPTables Service

Lightweight Directory Access Protocol (LDAP) Client Services

Lightweight Directory Access Protocol Server (LDAP)

MCS Translation Service (mcstrans)

Network File System Service (NFS)

Network Information Service (NIS)

Network Information Service Server (NIS) (Yellow Pages)

NTP Service

NTP Service

RPCbind Service (rpcbind)

RSH Client Services (rsh , rcp and rlogin)

RSH Server (rexec.socket) Service

RSH Server (rlogin.socket) Service

RSH Server (rsh.socket) Service

RSYNC Server (rsyncd) Service

Rsyslog (rsyslog) Service

Rsyslog (rsyslog) Service

Syslog-NG (syslog-ng) Service

Syslog-NG (syslog-ng) Service

Samba Server (SMB)

SETroubleshoot Service (SETroubleshoot)

SNMP Server (snmpd)

Talk Client Services

Talk Server (ntalk) Service

Telnet Client (telnet) Service

Telnet Server (telnet.socket) Service

Telnet Server (telnet-server) Service

tftp-server

Time Server (time-dgram) Service

Time Server (time-stream) Service

Trivial File Transfer Protocol (TFTP)

Trivial File Transfer Protocol Server (TFTP) Service

Trivial File Transfer Protocol Server (TFTP.socket) Service

X Window System (xorg-x11-server-common)

Download the CentOS7 Hardened Services List

Article Categories

Complete Hardened Services Configuration

To help you get started with deriving your own hardened services policies, NNT have provided you with Hardened Services checklists. You can manually audit your server for compliance using the checklists provided below, changing service mode and state using the Windows Services Console (search or run -> services.msc). As ever, it pays to test application and service delivery as you apply hardening measures to ensure required functionality is preserved while security is improved. The file download contains Hardened Services Lists for Server 2016, Server 2012R2, Server 2008R2, Windows 10, RHEL 7 and CENTOS 7.

Please contact [email protected] with any questions or to get help with your hardening project.

Download The Complete Hardened Services Configuration

NNT Suite of Products

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices

New Net Technologies LLC

Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108

Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358

[email protected]

UK Office

New Net Technologies Ltd

Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310

[email protected]

Information

CIS benchmarking

SEWP

Cybersecurity 500

Sans Institute

Now Certified

Copyright 2019, New Net Technologies LLC. All rights reserved.
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.