Skip to content

maxuru ~ % harden --help

Harden your servers without locking yourself out

You’re hardening a server. Maybe it’s a fresh box, maybe an audit flagged something, maybe an alert says a port is open that shouldn’t be. Whatever brought you here, you need the same three things: the exact change to make, a way to confirm it actually took effect, and the confidence that you won’t lock yourself out doing it.

Every page here is built around those three.

  • The fix, first. The exact directive, in the file it belongs in, at the top of the page. If you already know what you’re doing, copy it and go.
  • Proof it worked. The command that checks the running service — not just the file you edited. Setting a value and having it take effect are two different things, and only one of them is what protects you.
  • The way back out. What to check before you apply it, so a hardening step doesn’t strand you on a host you can no longer reach.

Security defaults move. Authentication methods get deprecated, cipher lists age out, ports get renamed, and a recommendation that was right a few years ago is sometimes wrong today. Every page is written against the current release of the software it covers. Where a version changed a default, removed a setting, or made a widely-repeated tip pointless, the page says so — and says what to do instead.

And every page ends the same way it starts: with a command you run on your own system to confirm the result. Don’t take our word for it. Check your box.

Last updated: