Harden the operating system

After the initial installation of the UNIX or LINUX operating system, you must “harden” the system to remove any unnecessary services and set the rights for operating system resources that may not be sufficiently protected.

Most of the UNIX and LINUX vendors provide scripts and directions for hardening their systems. For more information, contact your operating system vendor.

Check the integrity of system files on a regular basis

Since changes to system files are not necessarily detected by the operating system, we recommend checking the integrity of such files on a regular basis. For available tools and guidelines, contact your operating system vendor.

Restrict access to the operating system

System access must be restricted to authorized users only. In addition, all logons should be logged and monitored so that you can track user activities. For more information about how to log and monitor logons, see the documentation provided by your operating system vendor.

Restrict physical access to the server

To prevent users from being able to misuse certain functions, for example, modifying boot processes, you should restrict physical access to the server. Such functions should only be available locally, and only authorized administrators should have physical access to the server. You should also have logged such administration activities.

Protect access to the server at the network level

You must also protect access to the server at the network level. Use a firewall system to allow access only over those ports that are necessary. For more information, see Network and Communication Security.