Ideas

Strategy

  • It is relatively simple to minimise attack profile/vectors on linux.

  • Check out the Ubuntu minimal install for servers.

    • strip out what you don’t need.

    • only install what you need

  • Use the iptables firewall - only let in what you need.

  • Ubuntu server is fine - could also consider Centos or Red Hat.

  • Use the CIS Security Benchmarks from Links. Guides are available for hardening different operating systems - they are good because they show you step by step commands rather than running automated scripts.

  • Could remove inetd. See CIS Security Benchmarks (above) for more information.

  • Could consider integrating SELinux. This has the concept of domains which can be used to enhance security.