Linux System Hardening - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Linux System Hardening Guide
Complete beginner-friendly guide to system hardening on Linux. It covers Arch Linux, CachyOS, and other distributions, and includes security best practices, system lockdown, and security tools.
Security Best Practices
User Management
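Secure user accounts:
# Lock the root account's password (blocks password logins as root;
# sudo and SSH key logins are not affected). Confirm your own account
# can use sudo before doing this.
sudo passwd -l root
# Use sudo for administration: edit sudoers safely with visudo
sudo visudo
# Ensure this line is present and uncommented: %wheel ALL=(ALL) ALL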
Service Management
Disable unnecessary services:
# List services
systemctl list-unit-files --type=service
# Disable a service at boot (add --now to also stop it immediately)
sudo systemctl disable service-name
Firewall Configuration
UFW
Configure UFW:
# Install UFW
sudo pacman -S ufw
# Enable firewall
sudo ufw enable
# Default deny
sudo ufw default deny incoming
sudo ufw default allow outgoing
firewalld
Configure firewalld:
# Install firewalld
sudo pacman -S firewalld
# Enable
sudo systemctl enable --now firewalld
# Configure zones
sudo firewall-cmd --set-default-zone public
See Security Configuration for a detailed guide.
Kernel Hardening
Kernel Parameters
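Harden the kernel through boot parameters:
# Edit GRUB
sudo vim /etc/default/grub
Add the AppArmor parameters to the existing line, keeping the parameters that are already there:
GRUB_CMDLINE_LINUX_DEFAULT="... apparmor=1 security=apparmor"
Regenerate the GRUB configuration: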
sudo grub-mkconfig -o /boot/grub/grub.cfg
Security Tools
fail2ban
Install fail2ban:
# Install fail2ban
sudo pacman -S fail2ban
# Enable
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
rkhunter
Install rkhunter:
# Install rkhunter
sudo pacman -S rkhunter
# Update database
sudo rkhunter --update
# Check system
sudo rkhunter --check
Troubleshooting
Security Issues
Check the current security state:
# Check firewall
sudo ufw status
# Check services
systemctl list-unit-files --type=service
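An added example (not part of the original guide): a shell script that checks the settings applied on this page, namely root password locked, UFW active with default-deny incoming, and the AppArmor kernel parameters on the running command line. The function names and the `--live` switch are assumptions made for this example; each check takes command output as an argument so it can be tried on constructed samples.

```shell
#!/bin/sh
# Added example: audit the settings from this guide. The check functions take
# command output as an argument so they can be exercised on constructed samples.

# `passwd -S root` prints "root L <date> ..." when the password is locked
# (some passwd builds print LK instead of L).
root_locked() {
    status=$(printf '%s\n' "$1" | awk 'NR==1 {print $2}')
    [ "$status" = "L" ] || [ "$status" = "LK" ]
}

# `ufw status verbose` must show an active firewall that denies incoming traffic.
ufw_default_deny() {
    printf '%s\n' "$1" | grep -q '^Status: active' &&
        printf '%s\n' "$1" | grep -q '^Default: deny (incoming)'
}

# The running kernel's command line must carry both AppArmor parameters.
apparmor_on_cmdline() {
    case " $1 " in *" apparmor=1 "*) ;; *) return 1 ;; esac
    case " $1 " in *" security=apparmor "*) return 0 ;; *) return 1 ;; esac
}

# audit PASSWD_S UFW_STATUS CMDLINE: print a report, return the number of failures.
audit() {
    fails=0
    if root_locked "$1"; then echo "PASS root password locked"
    else echo "FAIL root password not locked"; fails=$((fails + 1)); fi
    if ufw_default_deny "$2"; then echo "PASS ufw active, default deny incoming"
    else echo "FAIL ufw inactive or not default deny"; fails=$((fails + 1)); fi
    if apparmor_on_cmdline "$3"; then echo "PASS AppArmor kernel parameters present"
    else echo "FAIL AppArmor kernel parameters missing"; fails=$((fails + 1)); fi
    return "$fails"
}

# Run against the live system only when called with --live.
if [ "${1:-}" = "--live" ]; then
    audit "$(sudo passwd -S root)" "$(sudo env LC_ALL=C ufw status verbose)" \
          "$(cat /proc/cmdline)"
fi
```

The kernel command line check reads `/proc/cmdline`, so it only passes after rebooting with the regenerated GRUB configuration.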
Summary
This guide covered system hardening for Arch Linux, CachyOS, and other distributions, including security practices, firewall, and security tools.
Next Steps
- Security Configuration - Security setup
- SELinux and AppArmor - MAC setup
- SSH Configuration - SSH security
- ArchWiki Security: https://wiki.archlinux.org/title/Security
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.