SUSE Linux Enterprise Server 12 SP4

Hardening Guide

Deals with the particulars of installing and setting up a secure SUSE Linux Enterprise Server, and additional post-installation processes required to further secure and harden that installation. Supports the administrator with security-related choices and decisions.

Publication Date: January 14, 2022
About This Guide
Assumptions and Scope
Contents of this Book
Available Documentation
Giving Feedback
Documentation Conventions
1 Common Criteria
1.1 Introduction
1.2 Evaluation Assurance Level (EAL)
1.3 Generic Guiding Principles
1.4 For More Information
2 Linux Security and Service Protection Methods
2.1 Physical Security
2.2 Locking Down the BIOS
2.3 Security via the Boot Loaders
2.4 Verifying Security Action with seccheck
2.5 Retiring Linux Servers with Sensitive Data
2.6 Backups
2.7 Disk Partitions
2.8 Firewall (iptables)
2.9 Security Features in the Kernel
2.10 AppArmor
2.11 SELinux
2.12 FTP, telnet, and rlogin (rsh)
2.13 Removing Unnecessary Software Packages (RPMs)
2.14 Patching Linux Systems
2.15 Securing the Network—Open Network Ports Detection
2.16 xinetd Services - Disabling
2.17 Securing Postfix
2.18 File Systems: Securing NFS
2.19 Copying Files Using SSH Without Providing Login Prompts
2.20 Checking File Permissions and Ownership
2.21 Default umask
2.22 SUID/SGID Files
2.23 World-Writable Files
2.24 Orphaned or Unowned Files
2.25 Restricting Access to Removable Media
2.26 Various Account Checks
2.27 Enabling Password Aging
2.28 Stronger Password Enforcement
2.29 Leveraging an Effective PAM stack
2.30 Restricting root Logins
2.31 Setting an Inactivity Timeout for Interactive Shell Sessions
2.32 Preventing Accidental Denial of Service
2.33 Displaying Login Banners
2.34 Miscellaneous
A Documentation Updates
A.1 November 2016 (Initial Release of SUSE Linux Enterprise Server 12 SP2)
A.2 December 2015 (Initial Release of SUSE Linux Enterprise Server 12 SP1)
A.3 February 2015 (Documentation Maintenance Update)
A.4 October 2014 (Initial Release of SUSE Linux Enterprise Server 12)

Copyright © 2006–2022 SUSE LLC and contributors. All rights reserved.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled GNU Free Documentation License.

For SUSE trademarks, see https://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.

All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.
