├── .github ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md └── FUNDING.yml ├── LICENSE.md ├── README.md ├── docs ├── _config.yml ├── assets │ └── img │ │ └── logo.png └── index.md ├── lib └── .gitkeep └── static └── img ├── main_preview.jpg └── meme_01.png /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. 6 | 7 | ## Our Standards 8 | 9 | Examples of behavior that contributes to creating a positive environment include: 10 | 11 | * Using welcoming and inclusive language 12 | * Being respectful of differing viewpoints and experiences 13 | * Gracefully accepting constructive criticism 14 | * Focusing on what is best for the community 15 | * Showing empathy towards other community members 16 | 17 | Examples of unacceptable behavior by participants include: 18 | 19 | * The use of sexualized language or imagery and unwelcome sexual attention or advances 20 | * Trolling, insulting/derogatory comments, and personal or political attacks 21 | * Public or private harassment 22 | * Publishing others' private information, such as a physical or electronic address, without explicit permission 23 | * Other conduct which could reasonably be considered inappropriate in a professional setting 24 | 25 | ## Our Responsibilities 26 | 27 | Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. 28 | 29 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 30 | 31 | ## Scope 32 | 33 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. 34 | 35 | ## Enforcement 36 | 37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at trimstray@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. 38 | 39 | Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. 40 | 41 | ## Attribution 42 | 43 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] 44 | 45 | [homepage]: http://contributor-covenant.org 46 | [version]: http://contributor-covenant.org/version/1/4/ 47 | -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | > _A real community, however, exists only when its members interact in a meaningful way that deepens their understanding of each other and leads to learning._ 4 | 5 | If you would like to support this project, have an interesting idea how to improve the operation of this tool, or if you found some errors - fork this, add your fixes, and add a pull request of your branch to the **master branch**. 6 | 7 | ## Using the issue tracker 8 | 9 | The [issue tracker](https://github.com/trimstray/the-practical-linux-hardening-guide/issues) is 10 | the preferred channel for bug reports, features requests and submitting pull requests, but please respect the following restrictions: 11 | 12 | * Please **do not** use the issue tracker for personal support requests (use 13 | [Stack Overflow](https://stackoverflow.com) or IRC) 14 | 15 | * Please **do not** derail or troll issues. Keep the discussion on topic and 16 | respect the opinions of others 17 | 18 | ## Signature of commit 19 | 20 | Moving forward all commits to this project must include a "signed-off-by" line indicating the name and email address of the contributor signing off on the change. To enable signatures add the following lines to `.git/hooks/prepare-commit-msg` : 21 | 22 | ``` 23 | SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/- signed-off-by: \1/p') 24 | grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" 25 | ``` 26 | 27 | ## Pull requests 28 | 29 | When creating a pull request, please heed the following: 30 | 31 | - Base your code on the latest master branch to avoid manual merges 32 | - Code review may ensue in order to help shape your proposal 33 | - Explain the problem and your proposed solution 34 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | open_collective: trimstray 2 | github: trimstray 3 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 trimstray 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

The Practical Linux Hardening Guide

2 | 3 |
4 | 5 |

6 | 7 | Master 8 | 9 |

10 | 11 |
12 | 13 |

"Did you know all your doors were locked?" - Riddick (The Chronicles of Riddick)

14 | 15 |
16 | 17 |

18 | 19 | Pull Requests 20 | 21 | 22 | MIT License 23 | 24 |

25 | 26 |
27 | 28 | **** 29 | 30 | # Table of Contents 31 | 32 | - **[Introduction](#introduction)** 33 | - [Prologue](#prologue) 34 | - [The Importance of Hardening Linux](#the-importance-of-hardening-linux) 35 | - [How to Harden Linux](#how-to-harden-linux) 36 | - [Which Distribution Should be Used](#which-distribution-should-be-used) 37 | - [How to Read This Guide](#how-to-read-this-guide) 38 | - [Okay. Let's start, 3, 2, 1... STOP!](#okay-lets-start-3-2-1-stop) 39 | - **[Policy Compliance](#policy-compliance)** 40 | - [Center of Internet Security (CIS)](#center-of-internet-security-cis) 41 | - [Security Technical Implementation Guide (STIG)](#security-technical-implementation-guide-stig) 42 | - [National Institute of Standards and Technology (NIST)](#national-institute-of-standards-and-technology-nist) 43 | - [Payment Card Industry Data Security Standard (PCI-DSS)](#payment-card-industry-data-security-standard-pci-dss) 44 | - **[Security Content Automation Protocol (SCAP)](#security-content-automation-protocol-scap)** 45 | - [SCAP Security Guide](#scap-security-guide) 46 | - [OpenSCAP Base](#openscap-base) 47 | - [SCAP Workbench](#scap-workbench) 48 | - **[DevSec Hardening Framework](#devsec-hardening-framework)** 49 | - **[Contributing & Support](#contributing--support)** 50 | - **[License](#license)** 51 | 52 | ## Introduction 53 | 54 | ### Prologue 55 | 56 | **[The Practical Linux Hardening Guide](https://trimstray.github.io/the-practical-linux-hardening-guide/)** provides a high-level overview of hardening GNU/Linux systems. It is not an official standard or handbook but it _touches_ and _uses_ industry standards. 57 | 58 | This guide also provides you with _practical step-by-step instructions_ for building your own hardened systems and services. One of the main goals is to create a single document covering _internal_ and _external_ threats. 59 | 60 | A few rules for this project: 61 | 62 | - useful, simple, and not tiring 63 | - include a lot of security tips from the C2S/CIS 64 | - contains also non-related rules with C2S/CIS 65 | - based on a minimal [RHEL7](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) and [CentOS 7](https://www.centos.org/) installations 66 | - it's not exhaustive about Linux hardening 67 | - some hardening rules/descriptions can be done better 68 | - you can think of it as a checklist 69 | 70 | The Practical Linux Hardening Guide use following [OpenSCAP](https://www.open-scap.org/) configurations: 71 | 72 | - [U.S. Government Commercial Cloud Services (C2S) baseline inspired by CIS v2.1.1](https://static.open-scap.org/ssg-guides/ssg-rhel7-guide-C2S.html) 73 | 74 | > C2S for Red Hat Enterprise Linux 7 v0.1.43. 75 | 76 | - [Red Hat Enterprise Linux 7 Security Technical Implementation Guide (STIG)](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/) 77 | 78 | > The requirements are derived from the (NIST) 800-53 and related documents. 79 | 80 | Please also remember: 81 | 82 | > This guide contains my comments that may differ from certain industry principles. If you are not sure what to do please see **[Policy Compliance](#policy-compliance)**. 83 | 84 | ### The Importance of Hardening Linux 85 | 86 | Simply speaking, hardening is the process of making a system more secure. Out of the box, Linux servers don’t come "hardened" (e.g. with the attack surface minimized). It’s up to you to prepare for each eventuality and set up systems to notify you of any suspicious activity in the future. 87 | 88 | The process of hardening servers involves both IT ops. and security teams and require changes to the default configuration according to industry benchmarks. 89 | 90 | Also for me, hardening is the fine art of doing the right things, even if they don't always look to have a big impact. It's always a balance between ease of use and protection. 91 | 92 | You need to harden your system to protect your assets as much as possible. Why is it important? Please read a great, short article that [explains the hardening process](https://linux-audit.com/linux-server-hardening-most-important-steps-to-secure-systems/) step by step by [Michael Boelen](https://michaelboelen.com/). 93 | 94 | ### How to Harden Linux 95 | 96 | In my opinion, you should drop all non-industry policies, articles, manuals, and others especially on production environments and standalone home servers. These lists exist to give a false sense of security and aren't based on authority standards. 97 | 98 |

99 | 100 | Master 101 | 102 |

103 | 104 | There are a lot of great GNU/Linux hardening policies available to provide safer operating systems compatible with security protocols. For me, CIS and the STIGs compliances are about the best prescriptive guides - but of course you can choose a different one (e.g. PCI-DSS, DISA). 105 | 106 | > Most of all you should use [Security Benchmarks/Policies](#policy-compliance) which describe consensus best practices for the secure configuration of target systems. 107 | 108 | Configuring your systems in compliance eliminates the most common vulnerabilities. For example, CIS has been shown to eliminate 80-95% of known vulnerabilities. 109 | 110 | On the other hand, these standards are complicated checklists (often for newbies, difficult to implement). In my opinion, ideally, real world implementation is automated via something like OpenSCAP. 111 | 112 | > You should use a rational approach because more is not better. Each environment is different, so even though security rules should all work in theory, sometimes things will not work as expected. 113 | 114 | Hardening is not a simple process. Here are general rules following common best practices: 115 | 116 | - never use root account for anything that does not require it 117 | - only `sudo` individual commands 118 | - never set a server to run as root (except for initialization time) and ensure that it exits all unnecessary privileges before accepting requests 119 | - secure your firewall the best you can and forbid all unnecessary access 120 | - do not install unnecessary or unstable software 121 | 122 | ### Which Distribution Should be Used 123 | 124 | This guide is tested on **Red Hat Enterprise Linux 7** and **CentOS 7** distributions because these are: 125 | 126 | - free (CentOS) and open source 127 | - enterprise-class 128 | - stable and reliable 129 | - with great community support 130 | - built on coherent snapshots of old packages 131 | 132 | Both distributions allow the use of **[certified tools](#scap-security-guide)** which can parse and evaluate each component of the SCAP standard. 133 | 134 | If you use another distribution - no problem, this guide is also for you. 135 | 136 | ### How to Read This Guide 137 | 138 | Here is the structure of the chapters: 139 | 140 | ``` 141 | Chapter - e.g. Core Layer 142 | | 143 | |-- Subsection - e.g. Maintaining Software 144 | | \ 145 | | |-- Rationale 146 | | |-- Solution (+ policies) 147 | | |-- Comments 148 | | |-- Useful resources 149 | | 150 | |-- Subsection - e.g. Accounts and Access 151 | | \ 152 | | |-- Rationale 153 | | |-- Solution (+ policies) 154 | | |-- Comments 155 | | |-- Useful resources 156 | ``` 157 | 158 | Levels of understanding: 159 | 160 | - _Chapter_ and _subsection_ offers a general overview 161 | - _Rationale_ tells you the reasoning behind the changes 162 | - _Solution_ and _policies_ are always compliant with the standard and on this basis, make changes 163 | - _Comments_ helps you figure out what you can change or add to the _solution_ 164 | - _Useful resources_ provide deeper understanding 165 | 166 | If you do not have the time to read hundreds of articles (just like me) this multipurpose handbook may be useful. This handbook does not get into all aspects of GNU/Linux hardening. I tried to put external resources in many places in this handbook in order to dispel any suspicion that may exist. 167 | 168 | I did my best to make this guid a single and consistent (but now I know that is really hard). It's organized in an order that makes logical sense to me. 169 | 170 | Do not treat this hardening guide as revealed knowledge. You should take a scientific approach when reading this document. If you have any doubts and disagree with me, please point out my mistakes. You should to discover cause and effect relationships by asking questions, carefully gathering and examining the evidence, and seeing if all the available information can be combined in to a logical answer. 171 | 172 | I create this handbook for one more reason. Rather than starting from scratch in, I putting together a plan for answering your questions to help you find the best way to do things and ensure that you don't repeat my mistakes from the past. 173 | 174 | So, what's most important: 175 | 176 | - ask a questions about something that you observe 177 | - do background research 178 | - do tests with an experiments 179 | - analyze and draw conclusions 180 | - communicate results (for us!) 181 | 182 | ### Okay. Let's start, 3, 2, 1... STOP! 183 | 184 | Making major changes to your systems can be risky. 185 | 186 | The most important rule of system hardening that reasonable admins follow is: 187 | 188 | > **`A production environment is the real instance of the app so make your changes on the dev/test!`** 189 | 190 | The second most important rule is: 191 | 192 | > **`Don’t do anything that will affect the availability of the service or your system.`** 193 | 194 | The third rule is: 195 | 196 | > **`Make backups of the entire virtual machine and important components.`** 197 | 198 | And the last rule is: 199 | 200 | > **`Think about what you actually do with your server.`** 201 | 202 | ## Policy Compliance 203 | 204 | ### Center of Internet Security (CIS) 205 | 206 | The Center of Internet Security (CIS) is a nonprofit organization focused on improving public and private sector cybersecurity readiness and response. 207 | 208 | Please see **[CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/)**. 209 | 210 | ### Security Technical Implementation Guide (STIG) 211 | 212 | A Security Technical Implementation Guide (STIG) is a cybersecurity methodology for standardizing security protocols within networks, servers, computers, and logical designs to enhance overall security. 213 | 214 | Please see **[Stigviewer](https://www.stigviewer.com/stigs)** to explore all stigs. 215 | 216 | ### National Institute of Standards and Technology (NIST) 217 | 218 | The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. 219 | 220 | Please see **[National Checklist Program (NCP)](https://nvd.nist.gov/ncp/repository)**. 221 | 222 | ### Payment Card Industry Data Security Standard (PCI-DSS) 223 | 224 | Payment Card Industry Data Security Standard (PCI-DSS) compliance is a requirement for any business that stores, processes, or transmits cardholder data. 225 | 226 | In accordance with PCI-DSS requirements, establish a formal policy and supporting procedures for developing configuration standards for system components that are consistent with industry-accepted hardening standards like: 227 | 228 | - Center of Internet Security (CIS) 229 | - International Organization for Standardization (ISO) 230 | - SysAdmin, Audit, Network, and Security (SANS) Institute 231 | - National Institute of Standards and Technology (NIST) 232 | 233 | ## Security Content Automation Protocol (SCAP) 234 | 235 | Security Content Automation Protocol (SCAP) provides a mechanism to check configurations, vulnerability management and evaluate policy compliance for a variety of systems. 236 | 237 | One of the most popular implementations of SCAP is OpenSCAP and it is very helpful for vulnerability assessment and as a hardening helper. OpenSCAP can easily handle the SCAP standards and generate neat, HTML-based reports. 238 | 239 | Please see **[SCAP Security Policies](https://www.open-scap.org/security-policies/)**, **[OpenSCAP User Manual](https://static.open-scap.org/openscap-1.2/oscap_user_manual.html)**, and **[OpenSCAP Static](https://static.open-scap.org/)**. 240 | 241 | ### SCAP Security Guide 242 | 243 | The auditing system settings with SCAP Security Guide project contains guidance for settings for Red Hat/CentOS and it's validated by NIST. 244 | 245 | You should inspect the security content of your system with `oscap info` module: 246 | 247 | ```bash 248 | # For RHEL: 249 | oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 250 | 251 | # For CentOS: 252 | oscap info /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml 253 | ``` 254 | 255 | ### OpenSCAP Base 256 | 257 | The OpenSCAP scanner will only provide meaningful results if the content you want it to process is correct and up to date. The `oscap` tool scans your system, validates security compliance content, and generates reports and guides based on these scans. 258 | 259 | Official [OpenSCAP Base](https://www.open-scap.org/tools/openscap-base/) documentation says: 260 | 261 | > _The command-line tool, called `oscap`, offers a multi-purpose tool designed to format content into documents or scan the system based on this content. Whether you want to evaluate DISA STIGs, NIST‘s USGCB, or Red Hat’s Security Response Team’s content, all are supported by OpenSCAP._ 262 | 263 | Before use, please read **[Using OSCAP](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sect-using_oscap)** documentation. 264 | 265 | ```bash 266 | # Installation: 267 | yum install openscap-scanner 268 | 269 | # Make a RHEL7 machine e.g. PCI-DSS compliant: 270 | oscap xccdf eval --report report.html --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 271 | 272 | # Make a CentOS machine e.g. PCI-DSS compliant: 273 | oscap xccdf eval --report report.html --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml 274 | ``` 275 | 276 | ### SCAP Workbench 277 | 278 | SCAP Workbench is a utility that offers an easy way to perform common `oscap` tasks on local or remote systems. 279 | 280 | Before use, please read **[Using SCAP Workbench](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sect-using_scap_workbench)** documentation. 281 | 282 | ```bash 283 | # Installation: 284 | yum install scap-security-guide scap-workbench 285 | ``` 286 | 287 | ## DevSec Hardening Framework 288 | 289 | > _Security + DevOps: Automatic Server Hardening._ 290 | 291 | This project covers some of the things in this guide which can be automated (e.g. setting of grub password or enforcing the permissions of the common directories). Its a good start if you want to make changes and see how it works from the level of automation tools. 292 | 293 | Project: **[DevSec Hardening Framework](https://dev-sec.io)** and :octocat: GitHub repository: **[dev-sec](https://github.com/dev-sec/)**. 294 | 295 | Thanks [@artem-sidorenko](https://github.com/artem-sidorenko)! 296 | 297 | ## Contributing & Support 298 | 299 | If you find something which doesn't make sense, or something doesn't seem right, please make a pull request and please add valid and well-reasoned explanations about your changes or comments. 300 | 301 | Before adding a pull request, please see the **[contributing guidelines](.github/CONTRIBUTING.md)**. 302 | 303 | If this project is useful and important for you or if you really like _The Practical Linux Hardening Guide_, you can bring **positive energy** by giving some **good words** or **supporting this project**. Thank you! 304 | 305 | ## License 306 | 307 | For license information, please see [LICENSE](https://github.com/trimstray/the-practical-linux-hardening-guide/blob/master/LICENSE.md). 308 | 309 | --- 310 | 311 |

:beginner: To start please go to the Wiki.

312 | -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-minimal 2 | 3 | title: The Practical Linux Hardening Guide 4 | 5 | logo: /assets/img/logo.png 6 | -------------------------------------------------------------------------------- /docs/assets/img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trimstray/the-practical-linux-hardening-guide/7b05a843c952f4fbaf7c574a41ceb77945019ff5/docs/assets/img/logo.png -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 | ## About Project 6 | 7 | **[The Practical Linux Hardening Guide](https://github.com/trimstray/the-practical-linux-hardening-guide/wiki)** provides a high-level overview of hardening GNU/Linux systems. It is not an official standard or handbook but it _touches_ and _uses_ industry standards. 8 | 9 | This guide also provides you with _practical step-by-step instructions_ for building your own hardened systems and services. One of the main goals is to create a single document covering _internal_ and _external_ threats. 10 | 11 | The Practical Linux Hardening Guide use following [OpenSCAP](https://www.open-scap.org/) configurations: 12 | 13 | - [U.S. Government Commercial Cloud Services (C2S) baseline inspired by CIS v2.1.1](https://static.open-scap.org/ssg-guides/ssg-rhel7-guide-C2S.html) 14 | 15 | > C2S for Red Hat Enterprise Linux 7 v0.1.43. 16 | 17 | - [Red Hat Enterprise Linux 7 Security Technical Implementation Guide (STIG)](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/) 18 | 19 | > The requirements are derived from the (NIST) 800-53 and related documents. 20 | 21 | ## About Me 22 | 23 | I'm a System and (tiny) Network Administrator. Also Security Enthusiast. 24 | 25 | For the most part, I manage environments based on GNU/Linux and BSD systems. 26 | 27 | The postings on this domain are my own and don't necessarily represent my employer’s positions, strategies or opinions. 28 | 29 | ## Contact 30 | 31 | If you wish to contact me: 32 | 33 | - hit me on [Twitter](https://twitter.com/trimstray), [Keybase](https://keybase.io/trimstray) or [Github](https://github.com/trimstray) 34 | - via e-mail (base64): `dHJpbXN0cmF5QGdtYWlsLmNvbQo=` 35 | -------------------------------------------------------------------------------- /lib/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trimstray/the-practical-linux-hardening-guide/7b05a843c952f4fbaf7c574a41ceb77945019ff5/lib/.gitkeep -------------------------------------------------------------------------------- /static/img/main_preview.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trimstray/the-practical-linux-hardening-guide/7b05a843c952f4fbaf7c574a41ceb77945019ff5/static/img/main_preview.jpg -------------------------------------------------------------------------------- /static/img/meme_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trimstray/the-practical-linux-hardening-guide/7b05a843c952f4fbaf7c574a41ceb77945019ff5/static/img/meme_01.png --------------------------------------------------------------------------------