Linux Hardening#
Configuration guidance the operator points a blue team at when locking down a Linux host. The CIS benchmarks carry the per-distribution checklists; STIGs cover the DoD baseline; ANSSI publishes a tighter French government variant. Operators should read the threat model behind each before applying it; some lock down services the operator depends on for collection.
References#
Linux Defend for the monitoring side.