Linux Foundation has released a new list of security recommendations that is particularly helpful for the system administrators. The list of security tips range from moderate to paranoid. Konstantin Ryabitsev, director of collaborative IT services at the Linux Foundation, shared a security checklist that is used the at organisation for hardening laptops of its sysadmins to protect against hacks and attacks. With these recommendations, the foundations aim to provide a guide to balance security decision and usability. The checklist comes attached with the explanations of each step that has been taken. Ryabitsev has highlighted different levels of security including paranoid, critical, moderate and low.
Explaining the check list, the foundation said, “This is a set of recommendations used by the Linux Foundation for their systems administrators. All of LF employees are remote workers and we use this set of guidelines to ensure that a sysadmin’s system passes core security requirements in order to reduce the risk of it becoming an attack vector against the rest of our infrastructure.
Even if your systems administrators are not remote workers, chances are that they perform a lot of their work either from a portable laptop in a work environment, or set-up their home systems to access the work infrastructure for after-hours/emergency support. In either case, you can adapt this set of recommendations to suit your environment.”
Under the list of critical recommendations, those implementations have been included that are considered a must-do from a sysadmin’s perspective. Things like ‘enabling SecureBoot to prevent rootkits or “Evil Maid” attacks, choosing a Linux distribution that supports native full disk encryption, has timely security updates, provides cryptographic verification of packages and supports Mandatory Access Control (MAC) or Role-Based Access Control (RBAC) mechanisms like SELinux, AppArmor or Grsecurity’.
Check out the list here: https://github.com/lfit/itpol/blob/master/linux-workstation-security.md