• LordOfTheChia@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    6 months ago

    Do a search for you server OS + STIG

    Then, for each service you’re hosting on that server, do a search for:

    Service/Program name + STIG/Benchmark

    There’s tons of work already done by the vendors in conjunction with the DoD (and CIS) to create lists of potential vulnerable settings that can be corrected before deploying the server.

    Along with this, you can usually find scripts and/or Ansible playbooks that will do most of the hardening for you. Though it’s a good Idea to understand what you do and do not need done.