maxuru ~ % harden --help
Harden your servers without locking yourself out
You’re hardening a server. Maybe it’s a fresh box, maybe an audit flagged something, maybe an alert says a port is open that shouldn’t be. Whatever brought you here, you need the same three things: the exact change to make, a way to confirm it actually took effect, and the confidence that you won’t lock yourself out doing it.
Every page here is built around those three.
- The fix, first. The exact directive, in the file it belongs in, at the top of the page. If you already know what you’re doing, copy it and go.
- Proof it worked. The command that checks the running service — not just the file you edited. Setting a value and having it take effect are two different things, and only one of them is what protects you.
- The way back out. What to check before you apply it, so a hardening step doesn’t strand you on a host you can no longer reach.
Databases and search
Section titled “Databases and search”Web servers and access
Section titled “Web servers and access”Containers and messaging
Section titled “Containers and messaging”How to trust a page
Section titled “How to trust a page”Security defaults move. Authentication methods get deprecated, cipher lists age out, ports get renamed, and a recommendation that was right a few years ago is sometimes wrong today. Every page is written against the current release of the software it covers. Where a version changed a default, removed a setting, or made a widely-repeated tip pointless, the page says so — and says what to do instead.
And every page ends the same way it starts: with a command you run on your own system to confirm the result. Don’t take our word for it. Check your box.