Ask Your Question

What can one do to harden Fedora 28?

asked 2018-06-13 06:04:40 -0500

jackyjack gravatar image

I have run a system audit using Lynis. I have chkrootkit and rkhunter working. I use Clamav and Comodo.

What can I do to further harden my system, and is there anything specific to Fedora 28 that can be done?

Thank you very much.

edit retag flag offensive close merge delete

3 Answers

Sort by » oldest newest most voted

answered 2018-06-13 08:30:37 -0500

hhlp gravatar image

@jacky, you're welcome, you can read :

edit flag offensive delete link more


selinux: this may also be helpful

florian gravatar imageflorian ( 2018-06-13 20:37:02 -0500 )edit

Regarding SSH, if you're as lazy as I am, here's a really nice guide:

dokterw gravatar imagedokterw ( 2018-06-14 13:56:29 -0500 )edit

answered 2018-06-13 08:52:07 -0500

Oldmansteptoe gravatar image

The first two would be on, unless you specifically turned it off but:


sudo getenforce

Should say “enforcing”


sudo systemctl status firewalld

Look for “active (enabled)”


sudo systemctl status sshd

Again look for “active (enabled)”

For that, stop and disable with:

sudo systemctl disable sshd sudo systemctl stop sshd

edit flag offensive delete link more


That's great!

jackyjack gravatar imagejackyjack ( 2018-06-14 03:20:56 -0500 )edit

answered 2018-06-13 07:04:02 -0500

hhlp gravatar image

Hello jacky, welvome to ask fedora :

you can read and old fedora documentation, is quite old but you can read : Security_Guide

Some basic stuff come to my mind :

  • Encrypt the drive during installation. how-to-encrypt-your-fedora-file-system
  • Leave SELinux on (should be on by default) and enable firewalld. (many people says this is not necesary and it is)
  • Disable SSH if you never intend to remotely connect to the machine via SSH. If you do, change the port, configure SSH keys for the appropriate devices, and disable password authentication.
  • Remove any software that is installed by default that you never intend to actually use.

also you can read this -> table-rhel7-stig-manual and sec-securitytechnicalimplementation_guide and system-administrators-guide


edit flag offensive delete link more


Thank you very much. If you don't mind, please tell me how to leave SELinix on (from the terminal), and how to enable firewalld (again from the terminal) and how to disable SSH (you guessed it, from the terminal). It is great to have your help.

jackyjack gravatar imagejackyjack ( 2018-06-13 08:10:28 -0500 )edit

@Oldmansteptoe, you should convert comment to answer, so I can upvote it, as it is very good.

SteveEbey73701 gravatar imageSteveEbey73701 ( 2018-06-13 18:10:33 -0500 )edit

that function to convert a comment to an answer doesn't exist anymore, does it?

florian gravatar imageflorian ( 2018-06-13 20:32:06 -0500 )edit

Question Tools



Asked: 2018-06-13 06:04:40 -0500

Seen: 813 times

Last updated: Jun 13 '18