A practical Linux security hardening baseline: CIS Benchmark controls, kernel hardening via sysctl, AppArmor mandatory access control, seccomp syscall filtering, auditd for syscall monitoring, SSH hardening, fail2ban, unattended-upgrades, and systemd unit sandboxing.
Apparmor
-
Linux Security Hardening Baseline -
Linux Hardening Checklist A practical Linux hardening checklist covering CIS benchmark controls, auditd syscall monitoring, AppArmor and SELinux mandatory access control, kernel parameter tuning, and automated scoring with Lynis.