-
-
Notifications
You must be signed in to change notification settings - Fork 2
Linux System Hardening
Mattscreative edited this page Dec 5, 2025
·
2 revisions
Complete beginner-friendly guide to system hardening on Linux, covering Arch Linux, CachyOS, and other distributions including security best practices, system lockdown, and security tools.
Secure users:
# Disable root login
sudo passwd -l root
# Use sudo
sudo visudo
# Ensure: %wheel ALL=(ALL) ALLDisable unnecessary:
# List services
systemctl list-unit-files --type=service
# Disable service
sudo systemctl disable service-nameConfigure UFW:
# Install UFW
sudo pacman -S ufw
# Enable firewall
sudo ufw enable
# Default deny
sudo ufw default deny incoming
sudo ufw default allow outgoingConfigure firewalld:
# Install firewalld
sudo pacman -S firewalld
# Enable
sudo systemctl enable --now firewalld
# Configure zones
sudo firewall-cmd --set-default-zone publicSee Security Configuration for detailed guide.
Harden kernel:
# Edit GRUB
sudo vim /etc/default/grubAdd:
GRUB_CMDLINE_LINUX_DEFAULT="... apparmor=1 security=apparmor"
Regenerate:
sudo grub-mkconfig -o /boot/grub/grub.cfgInstall fail2ban:
# Install fail2ban
sudo pacman -S fail2ban
# Enable
sudo systemctl enable fail2ban
sudo systemctl start fail2banInstall rkhunter:
# Install rkhunter
sudo pacman -S rkhunter
# Update database
sudo rkhunter --update
# Check system
sudo rkhunter --checkCheck security:
# Check firewall
sudo ufw status
# Check services
systemctl list-unit-files --type=serviceThis guide covered system hardening for Arch Linux, CachyOS, and other distributions, including security practices, firewall, and security tools.
- Security Configuration - Security setup
- SELinux and AppArmor - MAC setup
- SSH Configuration - SSH security
- ArchWiki Security: https://wiki.archlinux.org/title/Security
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.