Home Security & Privacy Linux Security Hardening

Linux Security Hardening Cheat Sheet

Kernel, SSH, firewall, and auditing

Last Updated: November 21, 2025

Areas

Component Action
SSH Disable root, use keys
Firewall Allow minimal ports
Audit Log via auditd
Patching Automate updates

Commands

ufw allow 22/tcp
Allow SSH
apt-get update && apt-get upgrade
Patch system
auditctl -w /etc/ssh/sshd_config
Watch changes

Monitoring

Ship audit logs to SIEM, alert on failed logins, and rotate keys.

Related Cheat Sheets

Vault Secrets Engines

Enable engines, generate dynamic credentials, and renew leases

Incident Response

Declare incidents, contain, communicate, and learn

Node.js Security

Audit dependencies, configure CSP, and lock env variables

Passwordless Authentication

Deploy magic links, WebAuthn passkeys, and OTP flows

💡 Pro Tip: Enable updates, disable root login, and ship audit logs off-box.

Related Cheat Sheets

Browse all Security & Privacy →

← Back to Security & Privacy | Browse all categories | View all cheat sheets