February 2020
Intermediate to advanced
666 pages
15h 45m
English
Content preview from Mastering Linux Security and Hardening - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Setting additional kernel-hardening parameters
What we've seen so far isn't too bad. Most of the parameters that we've looked at are already set to their most secure values. But is there room for improvement? Indeed there is. You wouldn't know it by looking at any of the configuration files, though. On both Ubuntu and CentOS, quite a few items have default values that aren't set in any of the normal configuration files. The best way to see this is to use a system scanner, such as Lynis.
Lynis is a security scanner that shows lots of information about a system. (We'll cover it in more detail in Chapter 13, Vulnerability Scanning and Intrusion Detection.) For now, we'll just cover what it can tell us about hardening the Linux kernel.
After ...