Linux hardening server - Kyle Rankin

I would like to set up a server for a local community. My Linux knowledge is basic. I know the cloud is someone else's PC, and I don’t like it too much, but I also know a bad setup of your own server is even worse, so I’m looking for something that will help me accomplish my purpose from start to end: how to install and harden services, a complete guide to containers or chroot if this helps security, AppArmor, how to manage user accounts and lock them inside their userdata cage, where to find and how to read system logs, and how to deal with hackers' attacks.

In summary, I’m looking for a complete guide from zero to 100. I can imagine it is just not possible to find it in one single book, and I would be happy to be wrong. Anyway, I’m here to ask for some help.

Why did I write @Kyle_Rankin's name? Because I saw his book “Linux Hardening in Hostile Networks: Server Security from TLS to TOR” and it seems really interesting, but as with other interesting books I saw, for example “Mastering Linux Security and Hardening” written by Donald Tevault, it is hard to tell whether a book is newbie friendly or not.

So I hope anyone who has some knowledge will help me. Of course I hope @Kyle_Rankin will find time to give me some answers about his book and this topic in general. Any suggestions are welcome.

I have not found that book for which you are looking either. I had been away from Linux for a while, so when I purchased my Librem, I wanted to make sure I did not overlook the obvious. Unfortunately, I have found a lot of information to be superficial or dated.

There are other hardening resources beyond books that I have found useful. I start my day with Johannes Ullrich’s security podcast at SANS, so I started with checklists there:

https://www.sans.org/score/checklists/linux

I found those to be the most helpful immediately.

Others I have referenced:

https://github.com/lfit/itpol/blob/master/linux-workstation-security.md

(I do understand you are asking about servers, but that might still be useful to you.)

https://www.debian.org/doc/manuals/securing-debian-howto/

linuxsecurity.com has some good resources, but it is hard for me to navigate that site and the links to a few things I wanted to read were broken, e.g. the firewall primer.

I have not done everything recommended in any of these resources. Use them at your own risk. :)

So I wrote that book to attempt to do most of what you are asking. It is written for people of all experience levels, and each chapter starts with basics that everyone can do and advances into intermediate and then more advanced topics that more advanced people (or those with more time) can look into.

The main missing piece is that while I had originally intended on having a chapter for containers, it ultimately didn’t make it into the book. Other than that, though, you should find it a useful guide to hardening servers and workstations.

Thank you very much.

Do you think containers are now a must for hardening, or are the other steps enough to maintain a secure server? I’d like to isolate programs as much as possible from the system, from other programs and from users' data, to prevent uncovered bugs or malicious hacker/user attempts.

@Kyle_Rankin Is there anywhere we can purchase your ebook using Bitcoin or other crypto? I’m only seeing PayPal or other traditional purchase options online.

There is no problem using PayPal if the seller does not write in it what you are buying; they just see “order number 12345”.

@Kyle_Rankin I’m reading the book. It is really well written, thank you.
I have one question.
What I found unclear is the part about Apache ownership. I did not understand what steps I should take. I’ve searched for a step-by-step guide on the internet but found nothing. I did not understand what commands I should run and which directories I should change the user on. I would be really grateful if you could make a little guide here.

Another thing I do not understand is how to encrypt a PostgreSQL database. You write about 2 kinds of encryption, and I think for my use case symmetric is the best choice, but I do not understand how to activate different encryption per database and how to use it with a client. It would be nice to have, for example, a step-by-step guide to make a DB for Nextcloud, encrypt it and allow Nextcloud to use it.
As a newbie, these 2 points weren’t really clear to me. With these 2 exceptions the book is awesome, easy to understand and well readable.
Thank you for writing it. I hope you will find some time to answer me.

Happily, such a book exists: the UNIX and Linux System Administration Handbook by Evi Nemeth et al.

(I look forward to reading Kyle’s book as well. Thank you to Kyle for writing it and to the folks above for mentioning it.)