I’ve been doing quite a bit of research into “hardening” Linux servers lately. Specifically, CentOS servers have been the focus, as I don’t personally have much experience with other distributions.
What one person considers good enough, might be a walking nightmare for another. So with that being said, I’m going to start with basic steps that anyone can do.
Many of these steps will apply as-is to Fedora, as well, in case you want to clamp down security on your home Linux workstation, however being that Fedora is the test bed for RedHat Enterprise Linux, some packages will be different. It is therefore possible for Fedora users that some configurations either won’t be necessary due to already being applied, or the configurations you see in the this article and the ones to follow will need some tweaking to get them to work.
It’s also important to note that these steps are best applied on a freshly installed/imaged server. Some settings can actually be integrated into Kickstart if you are going to be deploying hundreds of identical machines, but if you are like me and have less than 5 servers, it’s probably easier to just do these steps on one server and then make an image to be cloned to the other servers.