Created
December 3, 2018 20:28
-
-
Save curtismckee/3d78602e36bbe9b2b11a14f185576db6 to your computer and use it in GitHub Desktop.
Revisions
-
Curtis Mckee created this gist
Dec 3, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,32 @@ ## Debian Security Guideline Encryption/ Device Lock Down - Revoke GRUB shell access - UEFi setup menu supervisor password protected - All Boot devices disabled - LUKS hard drive encryption TPM Module - Storing LUKS key and doing pre-boot integrity checks Users Lockdown - Users / Groups permissions - User TOTP 2factor Authentication Password - /etc/pam.d/pam-cracklib (pass strength/history) - /etc/login.defs (pass rotation) Firewall - iptables Logging - iptables log Analysis - Rsyslog - LogRotate Application Whitelisting - AppArmor Password Management - KeePassXC
Curtis Mckee
created
this gist