GitHub 주소: https://github.com/konstruktoid/hardening?fbclid=IwAR3e86xu_XdY7IhTSYWRR61yh7zasTpEgKbjV67m-v2wAd1tzrxgqiq4Dpw
Hardening Ubuntu. Systemd edition.
A quick way to make a Ubuntu server a bit more secure.
Tested on Ubuntu 20.04 Focal Fossa
, Ubuntu 21.04 Hirsute Hippo
and Ubuntu 21.10 Impish Indri (development branch)
.
Systemd required.
If you’re just interested in the security focused systemd configuration, it’s available as a separate document.
If you’re interested in testing your host settings, you’ll find the instructions here.
Note
|
This is a constant work in progress. Make sure you understand what it does. Read the code and do not run this script without first testing in a non-operational environment. |
When possible, use the newly installed and configured system as a reference, or golden, image. Use that image as a baseline installation media and ensure that any future installation comply with benchmarks and policies using a configuration management tool, e.g Ansible or Puppet.
Packer template and Ansible playbook
A Packer template is available in the konstruktoid/hardening-geniso repository.
An Ansible playbook is available in the konstruktoid/ansible-role-hardening repository.