GitHub 주소: https://github.com/konstruktoid/hardening?fbclid=IwAR3e86xu_XdY7IhTSYWRR61yh7zasTpEgKbjV67m-v2wAd1tzrxgqiq4Dpw
Hardening Ubuntu. Systemd edition.
A quick way to make a Ubuntu server a bit more secure.
Tested on Ubuntu 20.04 Focal Fossa, Ubuntu 21.04 Hirsute Hippo and Ubuntu 21.10 Impish Indri (development branch).
Systemd required.
If you’re just interested in the security focused systemd configuration, it’s available as a separate document.
If you’re interested in testing your host settings, you’ll find the instructions here.
|
Note
|
This is a constant work in progress. Make sure you understand what it does. Read the code and do not run this script without first testing in a non-operational environment. |
When possible, use the newly installed and configured system as a reference, or golden, image. Use that image as a baseline installation media and ensure that any future installation comply with benchmarks and policies using a configuration management tool, e.g Ansible or Puppet.
Packer template and Ansible playbook
A Packer template is available in the konstruktoid/hardening-geniso repository.
An Ansible playbook is available in the konstruktoid/ansible-role-hardening repository.