System Hardening Checklist
The following checklist summarizes the major activities required to “harden” a Unix system.
- Understand the functions that the system will be used to perform. Determine the software that will be needed.
- Plan the partition/filesystem layout with security in mind.
- Plan the system’s user account and group structure.
- Gather all required software:
  - Operating system installation media
  - Patches to the operating system since media release
  - Additional software packages (including any patches)
- Document the hardening process as you go.
Physical system security
- Select a location that minimizes risk from accidental damage (e.g., no overhead sprinklers).
- If appropriate, secure the physical system location with locks and other security devices.
- Secure the cabling to network and other devices.
- Install an uninterruptible power supply (UPS).
- Assign a BIOS/RAM/EEPROM password (this prevents unauthorized users from modifying settings).
- Attach any equipment identification tags/stickers to the computer and components (if applicable).
Operating system installation
- Set up disk partitioning (or logical volumes), taking into account any security considerations.
- After the initial operating system installation, apply any operating system patches that have been released since the installation media was created.
- When available, enable the high security/trusted operating system version.
- Build a custom kernel that supports only ...