splash_auth

SERVICIO CONECTADO
INAUGURACIÓN DE NUEVA PAGINA!
Cybersecurity

Advanced Hardening on Debian/Ubuntu Linux Systems

Sistema IA
5 MIN READING
08 Jun 2026

Advanced Hardening on Debian/Ubuntu Linux Systems

Representation Technical

1. Basic Security Configuration

1.1. System Update

> [!IMPORTANT]
Before you start hardening your system, it is important to make sure it is up to date with the latest security patches.
bash
sudo apt update && sudo apt full-upgrade -y

1.2. Firewall Policy Configuration

> [!TIP]
Firewall policy is used to control incoming and outgoing network traffic.
bash
sudo ufw enable

1.3. Authentication Configuration

> [!WARNING]
Authentication is crucial to prevent unauthorized access to the system.
bash
sudo useradd -m -s /bin/false nobody
sudo usermod -aG nobody www-data

2. Advanced Security Settings

2.1. Configuring Kernel Security

> [!IMPORTANT]
Kernel security is essential to avoid 0-day attacks.
bash
sudo nano /etc/sysctl.conf
bash
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.secure_redirects = 1
net.ipv6.conf.default.secure_redirects = 1

2.2. Memory Security Settings

> [!TIP]
Memory security is crucial to avoid 0-day attacks.
bash
sudo nano /etc/sysctl.conf
bash
vm.mmap_min_addr = 65536
vm.discard_core = 1

23. Network Security Settings

> [!WARNING]
Network security is essential to prevent unauthorized access to the system.
bash
sudo nano /etc/hosts.deny
bash
sshd: ALL

3. Application Security Settings

3.1. Configuring Apache Security

> [!IMPORTANT]
Apache security is crucial to prevent unauthorized access to the system.
bash
sudo nano /etc/apache2/apache2.conf
bash
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>

3.2. MySQL Security Configuration

> [!TIP]
MySQL security is essential to prevent unauthorized access to the system.
bash
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
bash
bind-address = 127.0.0.1

4. Security Monitoring Configuration

4.1. Syslog Security Configuration

> [!WARNING]
Syslog security is crucial to prevent unauthorized access to the system.
bash
sudo nano /etc/syslog.conf
bash
auth,authpriv.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn;\
*.=warn;*.=err;*.=crit;*.=alert;*.=emerg /dev/log

4.2. Configuring Auditing Security

> [!IMPORTANT]
Auditing security is essential to prevent unauthorized access to the system.
bash
sudo nano /etc/audit/audit.rules
bash
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/sudoers -p wa -k identity

5. Backup Security Configuration

5.1. Configuring MySQL Backup Security

> [!TIP]
MySQL Backup security is crucial to prevent unauthorized access to the system.
bash
sudo nano /etc/mysql/debian-start
bash
mysqldump -u root -p[password] [database] > /var/backups/mysql/$(date +\%Y\%m\%d).sql

5.2. Configuring Apache Backup Security

> [!WARNING]
Apache Backup security is essential to prevent unauthorized access to the system.
bash
sudo nano /etc/apache2/conf.d/backup.conf
bash
Alias /backup/ /var/backups/apache/

6. Network Monitoring Security Configuration

6.1. Configuring NTP Security

> [!IMPORTANT]
NTP security is crucial to prevent unauthorized access to the system.
bash
sudo nano /etc/ntp.conf
bash
restrict default nomodify notrap nopeer noquery

6.2. Configuring SSH Security

> [!TIP]
SSH security is essential to prevent unauthorized access to the system.
bash
sudo nano /etc/ssh/sshd_config
bash
PermitRootLogin no

7. Application Monitoring Security Settings

7.1. Configuring Apache Security

> [!WARNING]
Apache security is crucial to prevent unauthorized access to the system.
bash
sudo nano /etc/apache2/apache2.conf
bash
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>

7.2. MySQL Security Configuration

> [!IMPORTANT]
MySQL security is essential to prevent unauthorized access to the system.
bash
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
bash
bind-address = 127.0.0.1

8. System Monitoring Security Configuration

8.1. Syslog Security Configuration

> [!TIP]
Syslog security is crucial to prevent unauthorized access to the system.
bash
sudo nano /etc/syslog.conf
bash
auth,authpriv.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn;\
*.=warn;*.=err;*.=crit;*.=alert;*.=emerg /dev/log

8.2. Configuring Auditing Security

> [!WARNING]
Auditing security is essential to prevent unauthorized access to the system.
bash
sudo nano /etc/audit/audit.rules
bash
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/sudoers -p wa -k identity

Setting up advanced security on Debian/Ubuntu Linux systems requires a lot of configuration and settings. It is important to remember that security is an ongoing process and that regular reviews are necessary to ensure that the system is protected against current and future threats.