Ask Your Question
3

What can one do to harden Fedora 28?

asked 2018-06-13 06:04:40 -0600

jackyjack gravatar image

I have run a system audit using Lynis. I have chkrootkit and rkhunter working. I use Clamav and Comodo.

What can I do to further harden my system, and is there anything specific to Fedora 28 that can be done?

Thank you very much.

edit retag flag offensive close merge delete

3 Answers

Sort by » oldest newest most voted
3

answered 2018-06-13 08:30:37 -0600

hhlp gravatar image

@jacky, you're welcome, you can read :

edit flag offensive delete link more

Comments

selinux: this may also be helpful

florian gravatar imageflorian ( 2018-06-13 20:37:02 -0600 )edit

Regarding SSH, if you're as lazy as I am, here's a really nice guide: https://www.tecmint.com/ssh-passwordl...

dokterw gravatar imagedokterw ( 2018-06-14 13:56:29 -0600 )edit
3

answered 2018-06-13 08:52:07 -0600

Oldmansteptoe gravatar image

The first two would be on, unless you specifically turned it off but:

Selinux:

sudo getenforce

Should say “enforcing”

Firewalld

sudo systemctl status firewalld

Look for “active (enabled)”

sshd:

sudo systemctl status sshd

Again look for “active (enabled)”

For that, stop and disable with:

sudo systemctl disable sshd sudo systemctl stop sshd

edit flag offensive delete link more

Comments

That's great!

jackyjack gravatar imagejackyjack ( 2018-06-14 03:20:56 -0600 )edit
3

answered 2018-06-13 07:04:02 -0600

hhlp gravatar image

Hello jacky, welvome to ask fedora :

you can read and old fedora documentation, is quite old but you can read : Security_Guide

Some basic stuff come to my mind :

  • Encrypt the drive during installation. how-to-encrypt-your-fedora-file-system
  • Leave SELinux on (should be on by default) and enable firewalld. (many people says this is not necesary and it is)
  • Disable SSH if you never intend to remotely connect to the machine via SSH. If you do, change the port, configure SSH keys for the appropriate devices, and disable password authentication.
  • Remove any software that is installed by default that you never intend to actually use.

also you can read this -> table-rhel7-stig-manual and sec-securitytechnicalimplementation_guide and system-administrators-guide

Regards.,

edit flag offensive delete link more

Comments

Thank you very much. If you don't mind, please tell me how to leave SELinix on (from the terminal), and how to enable firewalld (again from the terminal) and how to disable SSH (you guessed it, from the terminal). It is great to have your help.

jackyjack gravatar imagejackyjack ( 2018-06-13 08:10:28 -0600 )edit

@Oldmansteptoe, you should convert comment to answer, so I can upvote it, as it is very good.

steveebey73742 gravatar imagesteveebey73742 ( 2018-06-13 18:10:33 -0600 )edit

that function to convert a comment to an answer doesn't exist anymore, does it?

florian gravatar imageflorian ( 2018-06-13 20:32:06 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2018-06-13 06:04:40 -0600

Seen: 437 times

Last updated: Jun 13