← All student work
[ LINUX / SYSTEMS ]
Linux Hardening Baseline
Authored a CIS-aligned hardening baseline for a public-facing Ubuntu server and validated with Lynis.
- Linux
- Hardening
// the_work
Started from a fresh Ubuntu LTS image. Disabled unused services, enforced fail2ban, deployed a UFW ruleset, and locked SSH down. Final Lynis score 92/100.
// artifacts
FROM THE
PROJECT FILES.
# lynis audit system --quiet [ Hardening index : 92 ] [ Tests performed : 264 ] [ Plugins enabled : 0 ] Suggestions: * Enable AppArmor for postfix * Tune /etc/login.defs PASS_MAX_DAYS * Add audit rules for /etc/ssh/sshd_config
- #PermitRootLogin prohibit-password + PermitRootLogin no - #PasswordAuthentication yes + PasswordAuthentication no + PubkeyAuthentication yes + MaxAuthTries 3 + ClientAliveInterval 300 + ClientAliveCountMax 0
// your_work