In the previous sections, we discovered the required methods and tools to attack the Linux infrastructure. Now it is time to deploy safeguards and learn how to defend against these attacks and secure your infrastructure. To harden your Linux systems, you need to do the following:

• Update Linux kernel and applications
• Avoid using insecure services such as FTP and telnet and use SFTP and OpenSSH instead
• Minimize the attack surface by using only the needed applications and services
• If possible, use SELinux
• Use a strong password policy
• Keep an eye on faillog records
• Harden /etc/sysctl.conf 
• Use an authentication server

Center of Internet Security (CIS) provides many hardening guides for a various number of operating systems including ...