Arch Linux System Hardening - ryzendew/Linux-Tips-and-Tricks GitHub Wiki

Arch Linux System Hardening Guide

Complete beginner-friendly guide to system hardening on Arch Linux, including security best practices, system lockdown, and security tools.


Table of Contents

  1. Security Best Practices
  2. Firewall Configuration
  3. Kernel Hardening
  4. Security Tools
  5. Troubleshooting

Security Best Practices

User Management

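Lock the root password and grant administrative access through sudo instead:

# Lock the root account's password (confirm your own user can run sudo first).
# This blocks password logins as root; it does not affect SSH key logins.
sudo passwd -l root

# Edit sudoers safely with visudo
sudo visudo
# Ensure this line is present and uncommented: %wheel ALL=(ALL) ALL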

Service Management

Disable services you do not need:

# List services that are enabled at boot
systemctl list-unit-files --type=service --state=enabled

# Disable a service and stop it immediately
sudo systemctl disable --now service-name

Firewall Configuration

UFW

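Configure UFW:

# Install UFW
sudo pacman -S ufw

# Set the default policy: deny incoming, allow outgoing
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Enable the firewall
# (if you manage this machine over SSH, add an allow rule for it first;
# on Arch, ufw.service must also be enabled for the rules to load at boot)
sudo ufw enable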

firewalld

Configure firewalld (an alternative to UFW; run only one of the two):

# Install firewalld
sudo pacman -S firewalld

# Enable
sudo systemctl enable firewalld
sudo systemctl start firewalld

# Configure zones
sudo firewall-cmd --set-default-zone public

Kernel Hardening

Hardened Kernel

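Install the hardened kernel:

# Install the hardened kernel and its headers
sudo pacman -S linux-hardened linux-hardened-headers

# Regenerate the GRUB configuration so the new kernel appears in the boot menu (GRUB only)
sudo grub-mkconfig -o /boot/grub/grub.cfg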

Kernel Parameters

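Add kernel parameters to the GRUB configuration:

# Edit GRUB
sudo vim /etc/default/grub

Add the AppArmor parameters to the existing GRUB_CMDLINE_LINUX_DEFAULT line, keeping the parameters already there (shown as ...):

GRUB_CMDLINE_LINUX_DEFAULT="... apparmor=1 security=apparmor"

Then regenerate the GRUB configuration with the grub-mkconfig command shown under Hardened Kernel and reboot for the parameters to take effect.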

Security Tools

fail2ban

Install fail2ban:

# Install fail2ban
sudo pacman -S fail2ban

# Enable
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

rkhunter

Install rkhunter and run a scan:

# Install rkhunter
sudo pacman -S rkhunter

# Update rkhunter's data files
sudo rkhunter --update

# Run a full check
sudo rkhunter --check

Troubleshooting

Security Issues

Check logs and firewall status:

# Check the fail2ban service log
sudo journalctl -u fail2ban

# Check firewall status and default policy
sudo ufw status verbose
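
To confirm that the steps in this guide actually took effect, the script below checks the root password lock, the UFW default policy, the AppArmor kernel parameters and the fail2ban jail count. It is an added example, not part of the original guide: the function names are made up for illustration and the sample output in the else branch is constructed. Run it with --live to query the running system (assumes UFW is the firewall in use).

```shell
#!/usr/bin/env bash
# Added example: verify the hardening steps from this guide.
# Each check takes command output as text, so it also works on saved output.

root_locked() {            # input: `passwd -S root`; field 2 is L when locked
    [ "$(printf '%s\n' "$1" | awk 'NR==1 {print $2}')" = "L" ]
}

ufw_default_deny() {       # input: `ufw status verbose`
    printf '%s\n' "$1" | grep -q '^Status: active' &&
    printf '%s\n' "$1" | grep -Eq '^Default: (deny|reject) \(incoming\)'
}

cmdline_has_apparmor() {   # input: contents of /proc/cmdline
    case " $1 " in *" apparmor=1 "*) ;; *) return 1 ;; esac
    case " $1 " in *" security=apparmor "*) ;; *) return 1 ;; esac
}

fail2ban_jail_count() {    # input: `fail2ban-client status`; prints 0 if no jails
    printf '%s\n' "$1" |
        awk -F: '/Number of jail/ {gsub(/[^0-9]/, "", $2); n = $2} END {print n + 0}'
}

report() {                 # report <label> <check> [args...]
    local label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; return 1; fi
}

audit() {   # args: passwd -S output, ufw status, kernel cmdline, fail2ban status
    local rc=0
    report "root password locked" root_locked "$1" || rc=1
    report "ufw active, incoming denied by default" ufw_default_deny "$2" || rc=1
    report "AppArmor parameters on kernel command line" cmdline_has_apparmor "$3" || rc=1
    # A running fail2ban with zero jails bans nothing.
    report "fail2ban has at least one jail" [ "$(fail2ban_jail_count "$4")" -gt 0 ] || rc=1
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then   # query the running system
    audit "$(sudo passwd -S root)" "$(sudo ufw status verbose)" \
          "$(cat /proc/cmdline)" "$(sudo fail2ban-client status)"
else   # constructed sample output, not taken from a real host
    audit "root L 2024-01-01 -1 -1 -1 -1" \
          "$(printf 'Status: active\nDefault: deny (incoming), allow (outgoing), disabled (routed)')" \
          "BOOT_IMAGE=/vmlinuz-linux-hardened root=/dev/sda2 rw apparmor=1 security=apparmor" \
          "$(printf 'Status\n|- Number of jail:\t1\n')"
fi
```

The script exits non-zero if any check fails, so it can also run from a timer or a post-upgrade hook.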

Summary

This guide covered security best practices, firewall configuration, kernel hardening, and security tools.


This guide is based on the ArchWiki. For the most up-to-date information, always refer to the official ArchWiki.