Linux Hardening (Linux+ Objective 2.1.3)
HTML-код
- Опубликовано: 27 сен 2024
- Linux is pretty secure by default, but if you're using it as a server, it's important to harden it against attack. This video isn't a how-to really, more of a video explaining some things to be aware of. For an in-depth how-to, I HIGHLY recommend my friend Kyle Rankin's book:
Linux Hardening in Hostile Networks
amzn.to/3qpDlD6
(Affiliate link -- thanks for encouraging me to use these!)
We've cover a lot of these topics before, but this is looking at them through the lens of security. We cover:
* Scanning
* UEFI Secure Boot
* Centralized Logging
* UMASK
* Password strength (with horror story...)
* Kernel tuning
* Firewalls
* Service accounts
The CompTIA Linux+ objectives are available here: snar.co/plusob...
WAYS TO SUPPORT SHAWN
---------------------------------------------
Patreon: / shawnp0wers
Merch: store.nerdling...
SuperStickers, etc!
WAYS TO SUPPORT EACH OTHER
-------------------------------------------------------
1) Be Kind
2) Answer comments/questions here
3) Ask/Answer questions on our Discord: snar.co/discord
WAYS TO FIND SHAWN OTHER PLACES
----------------------------------------------------------------
Landing Page: shawnp0wers.com
#linux #comptia #security
As an Amazon Associate I earn from qualifying purchases.
Thank you 🙏
Hello Shawn! Also hello new video! 😊
Hello there!
You're awesome, sir! Thank you so much
You're very welcome!
the secure boot thing with microsoft is wierd given that the internet runs on linux, its such a shame! i wonder why the penguins are not complaining 🤷♂️
ok "hot take" here, i dont like having the firewall up on my server, i ussually delegate that responsibility to the network firewall appliance like pfsense, i use VLANs and i always have rules that apply to inbound and or outbound traffic on that firewall, part of the reason is that i would like to have the firewall do the heavy lifting of policing the packets and have my servers focus on the bussiness logic which is serving requests. i do this on even cloud environments, not just onPrem. btw great video.
Truth be told, I usually don't enable a local firewall either. But it fits my situation (like it sounds like it fits yours) -- that said, I'm glad they listed it, because it gave me the opportunity to discuss why you should at least think through the situation.
And thank you. :)
ofc in homelab where its one user, one can disable firewall on server, but when in enterprise with thousands of employees connecting to same network, so one compromised employee might cause sever damage to company., Server firewall is another layer of hardening.
Thanks!
No problem!
What do you think about Linux Foundation Cloud Technician (LFCT)?
I haven't looked into it at all! I had a bad experience with the one LF exam that I sat for, but the material was good.
Shawn, do you want a job. I have a remote Senior Linux Admin Position would pay very well. (Not a Scam). I have been watching all your videos for quite awhile. Fully remote, M-F.