1 views collected around this technical thread.
This guide walks through a comprehensive Linux hardening checklist for RHEL7, covering account locking, password policies, SSH port changes, SELinux activation, firewall tightening, and file attribute protections to elevate the system to a B1 security level.
This guide outlines practical Nginx configuration techniques to mitigate DDoS, SQL injection, path traversal, XSS, host header injection, clickjacking, and other security threats while also covering SSL/TLS encryption, server token hiding, and essential command‑line operations.
This article presents ten practical methods for hardening Kubernetes application manifests, covering securityContext settings such as runAsUser, privileged mode, capabilities, read‑only root filesystem, privilege escalation, Seccomp, resource limits, image tagging, and optional AppArmor/SELinux policies, to reduce attack surface during development and deployment.
This article recounts a real‑world incident where a SpringBoot server was compromised by a crypto‑mining malware, details the malicious code and its actions, shows forensic traces left on the system, and provides step‑by‑step remediation and hardening recommendations.
This guide provides a detailed, step‑by‑step hardening strategy for Linux systems, covering distro selection, kernel choices, extensive sysctl tweaks, boot‑loader parameters, MAC policies, sandboxing, memory allocator hardening, compile‑time mitigations, root account protection, firewall rules, swap configuration, PAM policies, microcode updates, IPv6 privacy, partition mounting options, entropy sources, and physical security measures.
This guide outlines comprehensive Linux security hardening steps—including account protection, service minimization, password policies, sudo usage, file system safeguards, rootkit detection tools, and post‑attack response—to help operations teams secure their servers against common threats.
This guide presents a comprehensive Linux security hardening checklist covering account and login safety, unnecessary service removal, password and key authentication policies, sudo usage, filesystem protection, remote access safeguards, rootkit detection tools, and step‑by‑step incident response for compromised servers.