← All student work

[ LINUX / SYSTEMS ]

Linux Hardening Baseline

Authored a CIS-aligned hardening baseline for a public-facing Ubuntu server and validated with Lynis.

  • Linux
  • Hardening

// the_work

Started from a fresh Ubuntu LTS image. Disabled unused services, enforced fail2ban, deployed a UFW ruleset, and locked SSH down. Final Lynis score 92/100.

// artifacts

FROM THE
PROJECT FILES.

$ terminallynis · final scan
# lynis audit system --quiet
[ Hardening index : 92 ]
[ Tests performed : 264 ]
[ Plugins enabled : 0 ]

Suggestions:
 * Enable AppArmor for postfix
 * Tune /etc/login.defs PASS_MAX_DAYS
 * Add audit rules for /etc/ssh/sshd_config
</> code/etc/ssh/sshd_config · diff
- #PermitRootLogin prohibit-password
+ PermitRootLogin no
- #PasswordAuthentication yes
+ PasswordAuthentication no
+ PubkeyAuthentication yes
+ MaxAuthTries 3
+ ClientAliveInterval 300
+ ClientAliveCountMax 0

// your_work

Want this on your portfolio?