|
70 | 70 |
|
71 | 71 | **The Practical Linux Hardening Guide** provides a high-level overview of the hardening GNU/Linux systems. It is not an official standard or handbook but it _touches_ and _use_ industry standards. |
72 | 72 |
|
73 | | -This guide also provides you with _practical step-by-step instructions_ for building your own hardened systems and services. One of the main goals of this guide is to create a single document covering _internal_ and _external_ threats. |
| 73 | +This guide also provides you with _practical step-by-step instructions_ for building your own hardened systems and services. One of the main goals is to create a single document covering _internal_ and _external_ threats. |
74 | 74 |
|
75 | | -A few simple rules for this project: |
| 75 | +A few rules for this project: |
76 | 76 |
|
77 | 77 | - useful, simple and not tiring |
78 | 78 | - include a lot of security tips from the C2S/CIS |
@@ -124,11 +124,35 @@ If you use another distribution there is no problem, this guide is also for you. |
124 | 124 |
|
125 | 125 | ### How to read this guide? |
126 | 126 |
|
127 | | -The three levels of understanding: |
| 127 | +Primarily please look at the structure of the chapters. Each of them looks as follows: |
128 | 128 |
|
129 | | -- read the _main chapters_ (introduction and other sub chapters), e.g. _Linux kernel hardening_, it offers a general overview |
| 129 | +``` |
| 130 | + Chapter - e.g. Core Layer |
| 131 | + | |
| 132 | + |-- Subsection - e.g. Maintaining Software |
| 133 | + | \ |
| 134 | + | |-- Rationale |
| 135 | + | |-- Solution |
| 136 | + | |-- Policies |
| 137 | + | |-- Comments |
| 138 | + | |-- Useful resources |
| 139 | + | |
| 140 | + |-- Subsection - e.g. Accounts and Access |
| 141 | + | \ |
| 142 | + | |-- Rationale |
| 143 | + | |-- Solution |
| 144 | + | |-- Policies |
| 145 | + | |-- Comments |
| 146 | + | |-- Useful resources |
| 147 | +``` |
| 148 | + |
| 149 | +Levels of understanding: |
| 150 | + |
| 151 | +- read the _chapter_ and _subsection_, it offers a general overview |
| 152 | +- read the _rationale_, it tell you why you should make changes |
| 153 | +- read the _solution_ and _policies_, it's always compliant with the standard and on this basis, make changes |
| 154 | +- read the _comments_ to find out what you can change/add to the _solution_ |
130 | 155 | - check the _useful resources_ for a deeper understanding |
131 | | -- check the _policies_ and on this basis, make changes |
132 | 156 |
|
133 | 157 | ### Okay. Let's start, 3, 2, 1... STOP! |
134 | 158 |
|
@@ -197,7 +221,7 @@ You should inspect the security content of your system with `oscap info` module: |
197 | 221 |
|
198 | 222 | ```bash |
199 | 223 | # For RHEL: |
200 | | -oscap info /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml |
| 224 | +oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml |
201 | 225 |
|
202 | 226 | # For CentOS: |
203 | 227 | oscap info /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml |
|
0 commit comments