@curtismckee
Created December 3, 2018 20:28
Guideline for locking down your Debian installation to be more secure.

Debian Security Guideline

Encryption / Device Lockdown

  • Revoke GRUB shell access
  • UEFI setup menu protected by a supervisor password
  • All boot devices disabled
  • LUKS hard drive encryption

TPM Module

  • Storing LUKS key and doing pre-boot integrity checks

Users Lockdown

  • Users / Groups permissions
  • User TOTP two-factor authentication

Password

  • /etc/pam.d/pam-cracklib (password strength/history)
  • /etc/login.defs (password rotation)

Firewall

  • iptables

Logging

  • iptables log analysis
  • rsyslog
  • logrotate

Application Whitelisting

  • AppArmor

Password Management

  • KeePassXC