An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters.

Table of Contents:
- Introduction
- Guide Objective
- Why Secure Your Server
- Why Yet Another Guide
- Other Guides
- To Do / To Add
- Guide Overview
- About This Guide
- My Use-Case
- Editing Configuration Files
- For The Lazy
- Contributing
- Before You Start
- Identify Your Principles
- Picking A Linux Distribution
- Installing Linux Pre/Post Installation Requirements
- Other Important Notes
- Using Ansible Playbooks to secure your Linux Server
- The SSH Server
- Important Note Before You Make SSH Changes
- SSH Public/Private Keys
- Create SSH Group For AllowGroups
- Secure /etc/ssh/sshd_config
- Remove Short Diffie-Hellman Keys
- 2FA/MFA for SSH
- The Basics
- Limit Who Can Use sudo
- Limit Who Can Use su
- Run applications in a sandbox with FireJail
- NTP Client
- Securing /proc
- Force Accounts To Use Secure Passwords
- Automatic Security Updates and Alerts
- More Secure Random Entropy Pool (WIP)
- Add Panic/Secondary/Fake password Login Security System
- The Network Firewall With UFW (Uncomplicated Firewall)
- iptables
- Intrusion Detection And Prevention with PSAD
- Application Intrusion Detection
SIMILAR TOOLS
A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A repository providing centralized access to presentation slides from major cybersecurity conferences including Black Hat, Offensivecon, and REcon events.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
A comprehensive SQL injection cheat sheet covering various database management systems and techniques.
A comprehensive reference guide covering Nessus vulnerability scanner configuration, management, API usage, and best practices.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.