Linux Hardening

Applying security baseline configurations for robust, production-ready Linux servers.

Linux Hardening Project

Project Overview

Designed a rigorous, automated playbook to lock down vulnerable out-of-the-box Linux installations. This project focuses on minimizing the potential attack surface by configuring strict firewall rules, applying least privilege principles, and auditing core system settings to align with CIS benchmarks.

Key Features

  • Automated enforcement of SSH restrictions (disabling root login, enforcing key-based authentication).
  • Configured default-deny firewall policies using UFW / iptables with strict inbound allowances.
  • Automated setup and maintenance of Fail2Ban to thwart brute-force password guessing attempts.
  • Disabling non-essential services and removing legacy, insecure packages.
  • Implementation of auditd for comprehensive file integrity and process monitoring.
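
A check for the SSH restrictions in the first feature above, written as an added example and not taken from the project's own playbook. The function names and the two sample configurations are constructed for illustration. It assumes only the global section of a single sshd_config file is read, so Include files and Match blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example: audit sshd_config text for the SSH baseline in the list above.
# Assumptions: only the global section of one file is read (Include files and
# Match blocks are not evaluated); function names are hypothetical.

# Print the effective global value of KEYWORD in FILE, lowercased.
# sshd uses the first value it obtains for a keyword; keywords are case-insensitive.
effective_sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # whole-line comment
        { sub(/=/, " ") }                    # accept "Keyword=value" as well
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if root login and password authentication are both explicitly disabled.
audit_sshd_config() {
    audit_failed=0
    for audit_key in PermitRootLogin PasswordAuthentication; do
        audit_got=$(effective_sshd_value "$1" "$audit_key")
        if [ "$audit_got" = "no" ]; then
            echo "PASS $audit_key=no"
        else
            echo "FAIL $audit_key=${audit_got:-unset} (baseline: no)"
            audit_failed=1
        fi
    done
    return "$audit_failed"
}

# Constructed sample inputs, written to a temporary directory.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
# The second PermitRootLogin line looks hardened but is never used.
PermitRootLogin yes
PermitRootLogin no
passwordauthentication=no
Match User deploy
    PasswordAuthentication yes
EOF
printf 'PermitRootLogin no\nPasswordAuthentication no\n' > "$SAMPLE_DIR/hardened.conf"

audit_sshd_config "$SAMPLE_DIR/weak.conf" || echo "weak.conf: baseline not met"
audit_sshd_config "$SAMPLE_DIR/hardened.conf" && echo "hardened.conf: baseline met"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including Include files, and is the authoritative source for the same check.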

Technologies Used

  • Ubuntu / CentOS
  • Bash Scripting
  • UFW & iptables
  • Fail2Ban
  • Auditd