Linux Server Security Checklist

• Define clearly the role of the server: Web, file and print, ftp, application...
• Split the file system tree across multiple partitions.
• Make the root partition read-only.
• Install only the software you need to fulfill the server's role.
• Install all security updates from your Linux supplier.
• Password-protect your BIOS.
• Change system setup to boot only to the first hard drive.
• Be sure server is located in a physically secure area.
• Secure the boot process.
• Perform a system and user audit.
• Secure the file system.
• Use Pluggable Authentication Modules.
• Secure X Windows access.
• Safeguard TCP/IP.
• Secure Web services: Apache, FTP, SMTP, etc.
• Examine DNS and BIND.
• Protect NFS and Samba.
• Implement data encryption.
• Set up an auditing and monitoring plan.
• Establish and practice recovery plan.