
Linux - Hardening


Last updated 1 month ago

The following Linux distributions can be hardened during provisioning:

  • Debian, starting with versions 11 and 12

  • Ubuntu, starting with versions 22.04 and 24.04

  • Oracle Linux, starting with version 9

Recommendations from the CIS Benchmark documents have been followed in order to enforce, harden and secure our Linux operating systems.

Filesystems

  • Some weak filesystems are disabled in the kernel

  • Separate mount points for very active filesystems: /var/log, /var/log/audit, /var/tmp

  • Protection of /var/log, /tmp and /var/tmp

  • Disabling removable storage
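
One way to verify the mount-related items above on a running host, as an added example (not cegedim.cloud's own tooling): the script parses `/proc/mounts`-format text and reports mount points that are not separate or lack expected options. The option set `nodev`, `nosuid`, `noexec` is an assumption based on CIS guidance, since this page does not list the options applied; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount hardening from /proc/mounts-format text.
# Assumption: "protection" means the CIS-style options nodev, nosuid, noexec.

# Constructed sample (not from a real host): /var/tmp lacks noexec and
# /var/log/audit is not a separate mount point.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev 0 0
/dev/sda4 /var/log ext4 rw,nosuid,nodev,noexec 0 0'

# Print the options of the last entry for MOUNT_POINT (later mounts shadow
# earlier ones). Exact match on field 2, so /var/log never matches
# /var/log/audit. Fails if the path is not a mount point of its own.
mount_opts() {  # usage: mount_opts MOUNTS_TEXT MOUNT_POINT
    printf '%s\n' "$1" | awk -v mp="$2" \
        '$2 == mp { o = $4; f = 1 } END { if (!f) exit 1; print o }'
}

# Succeed only if MOUNT_POINT is mounted separately with every listed option.
check_mount() {  # usage: check_mount MOUNTS_TEXT MOUNT_POINT [OPTION...]
    text=$1 mp=$2; shift 2
    opts=$(mount_opts "$text" "$mp") ||
        { echo "FAIL $mp: not a separate mount point"; return 1; }
    missing=0
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "FAIL $mp: missing $want"; missing=1 ;;
        esac
    done
    return $missing
}

# Audit the mount points named on this page; prints one line per finding.
audit_mounts() {  # usage: audit_mounts MOUNTS_TEXT
    failed=0
    check_mount "$1" /tmp nodev nosuid noexec || failed=1
    check_mount "$1" /var/tmp nodev nosuid noexec || failed=1
    check_mount "$1" /var/log nodev nosuid noexec || failed=1
    check_mount "$1" /var/log/audit || failed=1
    return $failed
}

audit_mounts "$SAMPLE_MOUNTS" || echo "sample: findings above"
# On a live host: audit_mounts "$(cat /proc/mounts)"
```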

Secure boot

  • Ensure root password is required to boot in rescue mode

Sudo usage

  • Every use of the sudo command is traced

Process hardening

  • Several parameters are activated in the kernel to protect running processes

Network

  • Unnecessary or weak network services are disabled (enforced by configuration manager)

  • Ensure the time service is configured and active

  • IPv6 is disabled

  • Several kernel parameters are set to protect the network

  • Disable uncommon network protocols

Logging

  • Centralization of system logs

  • Ensure that every event is logged

Access and Authentication

  • Ensure the cron service is active and configured

  • Ensure cron directories are protected

  • Ensure SSH is active and configured

  • Enforce secure SSH protocols and parameters

  • Ensure idle sessions are deactivated

  • Ensure strong password rules are applied

  • Ensure sensitive authentication files are protected

CIS Benchmark documents