# Linux Security Hardening – Übersicht

Diese Seite listet die Artikel nach Kategorie in der Reihenfolge der 840er-Struktur.

# Kategorien

# SSH Hardening

• 301. SSH Server Configuration – sshd_config Best-Practices
• 302. SSH Keys – Generation, Distribution, Rotation
• 303. SSH Agent – Key Management & Forwarding
• 304. SSH Port Management & Fail2Ban Integration
• 305. Jump Hosts & Bastion Hosts – SSH Proxying
• 306. SSH Certificates – Alternative to Keys

# Firewall Hardening

• 307. iptables Fundamentals – Chains, Rules, Targets
• 308. Stateful Firewall Configuration
• 309. nftables – Modern Netfilter Syntax
• 310. UFW/firewalld – Higher-Level Firewall Tools
• 311. Firewall Logging & Monitoring
• 312. Zero Trust Firewall – Deny-by-Default

# Access Control

• 313. File Permissions – umask, Special Bits
• 314. ACLs – getfacl, setfacl
• 315. SELinux – Policy Enforcement
• 316. AppArmor – Profile-Based Security
• 317. PAM – Pluggable Authentication Modules
• 318. Multi-Factor Authentication – TOTP, U2F

# Encryption & TLS

• 319. OpenSSL – Certificate Generation & Management
• 320. LUKS Encryption – Full-Disk Encryption
• 321. eCryptfs – Transparent Encryption
• 322. SSL/TLS Certificates – Let’s Encrypt Integration
• 323. Private CA – Self-Signed Certificates
• 324. Encryption Best-Practices – Key Management

# User & Account Hardening

• 325. Sudo Hardening – sudoers Configuration
• 326. Password Policies – PAM Configuration
• 327. User Account Lockout – Brute-Force Protection
• 328. Login Monitoring & Auditing
• 329. Shell Restrictions – Restricted Shells
• 330. Service Accounts – Minimal Privilege Accounts

# Network Security

• 331. Fail2Ban – Intrusion Prevention
• 332. IPTables Rate Limiting – DDoS Protection
• 333. DNS Security – DNSSEC Configuration
• 334. NTP Time Synchronization – Security Aspects
• 335. IPv6 Security – IPv6-Specific Issues
• 336. Network Segmentation – VLANs & Firewalls

# Auditing & Logging

• 337. Auditd – System Call Auditing
• 338. Audit Rules – Comprehensive Monitoring
• 339. Rsyslog – Centralized Logging
• 340. Logrotate – Log Rotation & Management
• 341. Log Analysis – Patterns & Anomalies
• 342. Syslog Integration – Forwarding to Central Server

# Vulnerability Management

• 343. Package Vulnerability Scanning
• 344. Kernel Security Updates – Patching Strategy
• 345. CVE Tracking & Response
• 346. Security Advisories – Monitoring & Updates
• 347. Penetration Testing Tools – nmap, metasploit
• 348. Security Benchmarks – CIS, STIG

# Threat Detection

• 349. AIDE – File Integrity Monitoring
• 350. Rkhunter – Rootkit Detection
• 351. Chkrootkit – Malware Detection
• 352. Osquery – System Monitoring & Analysis
• 353. Network Intrusion Detection – Suricata, Snort
• 354. Anomaly Detection – Behavioral Analysis

# Compliance & Incident Response

• 355. GDPR Compliance on Linux
• 356. HIPAA Compliance – Healthcare Requirements
• 357. PCI-DSS Compliance – Payment Card Industry
• 358. Incident Response Planning – IR Procedures
• 359. Forensic Analysis – Evidence Collection
• 360. Security Hardening Frameworks – NIST, CIS

# Runbooks {#runbooks}

• TODO: Runbooks ergänzen.

# Roadmap {#roadmap}

• TODO: Umsetzung und Priorisierung dokumentieren.