System Hardening Checklist

The following checklist summarizes the major activities that are required in order to “harden” a Unix system.

Preliminary planning

  • Understand the functions that the system will be used to perform. Determine the software that will be needed.
  • Plan the partition/filesystem layout with security in mind.
  • Plan the system’s user account and group structure.
  • Gather all required software:

    — Operating system installation media

    — Patches to the operating system since media release

    — Additional software packages (including any patches)

  • Document the hardening process as you go.

Physical system security

  • Select a location that minimizes risk from accidental damage (e.g., no overhead sprinklers).
  • If appropriate, secure the physical system location with locks and other security devices.
  • Secure the cabling to network and other devices.
  • Install an uninterruptible power supply (UPS).
  • Assign a BIOS/RAM/EEPROM password (this prevents unauthorized users from modifying settings).
  • Attach any equipment identification tags/stickers to the computer and components (if applicable).

Operating system installation

  • Set up disk partitioning (or logical volumes), taking into account any security considerations.
  • After the initial operating system installation, apply any operating system patches that have been released since the installation media was created.
  • When available, enable the high security/trusted operating system version.
  • Build a custom kernel that supports only ...

Get Essential System Administration Pocket Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.