STIG it to me, RHEL6! (computer security isn't hard!)

Many of you out there work within the Government or "Public" sector.  Others of you who are Security Enthusiasts like myself now have another reference point when we want to look at great ways to harden a Linux system.  The U.S. Government publishes several great guidelines for making security better on your systems.  The first of these is the STIG (Security Technical Implementation Guide).

The new RHEL6 STIG guidelines can be found here:

     http://iase.disa.mil/stigs/os/unix/red_hat.html

along with the RHEL5 materials.

Another great source of security/hardening is NIST (the National Institute of Standards and Technology).  Under their National Vulnerability Database they provide checklists for assorted products to strengthen their security profiles:

     http://web.nvd.nist.gov/view/ncp/repository

Another great resource would be from our friends at SANS (a company dedicated to security research and certifications).  They have published another great resource in their Linux Security Checklist:

    http://www.sans.org/score/checklists/linuxchecklist.pdf

So Community, what tips can you share to make things more secure?  Do you follow any/all of these guidelines?  What other resources have you found helpful?  We'd love to hear from you!