<!DOCTYPE html>
<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>2.2. Hardening</title>
    </head>
    <body>

        <a href="index.html">Core OS Index</a>

        <h1>2.2. Hardening</h1>

        <p>Kernel <a href="ports/linux-gnu">linux-gnu</a> port have
        <a href="apparmor.html">apparmor</a> default options. AppArmor
        enforce rules on applications based on security policies.
        User space tools are provided by apparmor port and its dependencies, 
        install them;</p>

        <pre>
        $ sudo prt-get depinst checksec lynis apparmor
        </pre>

        <p>Lynis gives a view of system overall configuration, without changing
        default profile it runs irrelevant tests. Create a lynis profile by
        coping default one and run lynis;</p>

        <pre>
        $ sudo cp /etc/lynis/default.prf /etc/lynis/custom.prf
        $ sudo lynis configure settings color=yes
        $ sudo lynis show settings
        $ sudo lynis show profile
        </pre>

        <pre>
        $ lynis audit system > lynis_report
        $ mv /tmp/lynis.log .
        $ mv /tmp/lynis-report.dat .
        </pre>

        <p>Add unnecessary tests to profile to have less noise.</p>

        <a href="index.html">Core OS Index</a>
        <p>This is part of the c9 Manual.
        Copyright (C) 2017
        c9 team.
        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
        for copying conditions.</p>

    </body>
</html>