Secure Linux Servers by Default is a rant about hardening Linux servers and keeping them up-to-date. The article references:
There is also the CIS Debian Linux Benchmark for hardening Debian-based Linux systems. I have this coded as a series of Salt States. Will need to make that public at some point.
While I'm at it, a few packages for file and system validation from a security and intrusion perspective:
- tiger - Report system security vulnerabilities; can use tripwire or aide
- aide - Advanced Intrusion Detection Environment - static binary
- samhain - Data integrity and host intrusion alert system
- tripwire - file and directory integrity checker
- checksecurity - basic system security checks: setuid, sockets, passwd, diskfree, ...
- systraq - monitor your system and warn when system files change - not recently maintained
- stealth - stealthy File Integrity Checker