https://marktaguiad.dev/tags/selinux/ Recent content in Selinux on marktaguiad.dev Hugo en-us marktaguiad@marktaguiad.dev (Mark Taguiad) marktaguiad@marktaguiad.dev (Mark Taguiad) marktaguiad.dev Sat, 26 Jul 2025 00:00:00 +0000 https://marktaguiad.dev/post/linux-security-hardening/ Sat, 26 Jul 2025 00:00:00 +0000marktaguiad@marktaguiad.dev (Mark Taguiad) https://marktaguiad.dev/post/linux-security-hardening/ <div class="alert alert-info"> <div class="alert-title">Info</div> <div class="alert-content"> Content here are automated using ansible, check <a href="https://marktaguiad.dev/post/linux-hardening-playbook">here</a> if you are interested. </div> </div> <h1 id="table-of-contents">Table of Contents</h1> <nav id="TableOfContents"> <ol> <li><a href="#ssh-hardening">SSH hardening</a> <ol> <li><a href="#core-configuration">Core Configuration</a></li> <li><a href="#enforce-password-complexity">Enforce password complexity</a></li> <li><a href="#debian-base">Debian base</a></li> <li><a href="#redhat-base">Redhat base</a></li> <li><a href="#monitoring">Monitoring</a></li> <li><a href="#optional-enhancement">Optional Enhancement</a></li> </ol> </li> <li><a href="#fail2ban">Fail2ban</a> <ol> <li><a href="#installation">Installation</a></li> <li><a href="#configuration">Configuration</a></li> <li><a href="#status">Status</a></li> <li><a href="#unbanning-ip">Unbanning IP</a></li> <li><a href="#custom-configregex">Custom Config/Regex</a></li> </ol> </li> <li><a href="#selinux">SELinux</a> <ol> <li><a href="#mode-definitions">Mode Definitions</a></li> <li><a href="#labels-and-policy">Labels and Policy</a></li> <li><a href="#type-enforcement">Type Enforcement</a></li> <li><a href="#mcs-enforement">MCS Enforement</a></li> <li><a href="#mls-enforcement">MLS Enforcement</a></li> <li><a href="#selinux-enforcement-comparison">SELinux Enforcement Comparison</a></li> <li><a href="#configuration-1">Configuration</a></li> </ol> </li> </ol> <ol> <li><a href="#firewall">Firewall</a></li> <li><a href="#automatic-security-upgrade">Automatic Security Upgrade</a> <ol> <li><a href="#debian-base-1">Debian base</a></li> <li><a href="#redhat-base-1">Redhat base</a></li> </ol> </li> <li><a href="#audit">Audit</a></li> <li><a href="#advanced-intrusion-detection-environment">Advanced Intrusion Detection Environment</a></li> </ol> </nav> <h3 id="ssh-hardening">SSH hardening</h3> <p>SSH is one of the most targeted services on any server exposed to a network. Hardening SSH reduces the attack surface, limits brute-force attempts, and enforces stronger authentication and cryptography.</p> https://marktaguiad.dev/post/linux-network-services/ Fri, 20 Jun 2025 00:00:00 +0000marktaguiad@marktaguiad.dev (Mark Taguiad) https://marktaguiad.dev/post/linux-network-services/ <h1 id="table-of-contents">Table of Contents</h1> <nav id="TableOfContents"> <ol> <li><a href="#configuring-ssh">Configuring SSH</a> <ol> <li><a href="#install">Install</a></li> <li><a href="#copying-key-to-server">Copying key to Server</a></li> <li><a href="#hardening-ssh-server">Hardening SSH Server</a></li> <li><a href="#managing-selinux-to-allow-ssh-port-change">Managing SElinux to Allow SSH port Change</a></li> </ol> </li> <li><a href="#apache-web-server">Apache Web Server</a> <ol> <li><a href="#install-apache">Install apache.</a></li> <li><a href="#key-terminology">Key Terminology</a></li> <li><a href="#creating-first-website">Creating First Website</a></li> <li><a href="#main-configuration-files">Main Configuration Files</a></li> <li><a href="#implementing-a-basic-htaccess-for-redirects">Implementing a Basic .htaccess for Redirects</a></li> <li><a href="#hosting-multiple-website">Hosting Multiple Website</a></li> <li><a href="#ssl-termination">SSL Termination</a></li> <li><a href="#reverse-proxy">Reverse Proxy</a></li> </ol> </li> <li><a href="#ntp---network-time-protocol">NTP - Network Time Protocol</a> <ol> <li><a href="#run-as-a-service">Run as a Service</a></li> <li><a href="#run-as-a-server">Run as a Server</a></li> </ol> </li> </ol> </nav> <h3 id="configuring-ssh">Configuring SSH</h3> <h4 id="install">Install</h4> <p>Some distro don&rsquo;t include ssh server out of the box, or you forgot to check the option in the installation process.</p>