I have been looking at hardening *nix servers for my lab and maybe carrying some of that over to work. CIS benchmarks are something I like doing, but that’s barely scratching the surface. What do you do for your servers?

I have Lynis, systemd-analyze, Kernel self protection in mind but I’d love to hear your thoughts. Bonus points for the most paranoid setups!

  • dotslashme@infosec.pub
    2 days ago

    I’m probably in the minority here. My setup is simple: I choose a good OS like Debian or Alpine to run things on, make sure it’s always patched, move sshd to a nonstandard port and harden it.