1.

Secure Boot Loader

Set a GRUB password

2. Update the system frequently

# yum update

3. Disable Ctrl+Alt+Del
# systemctl mask ctrl-alt-del.target

4. Remove Unnecessary Software Packages

# rpm -qa
# yum list installed >> installed.txt
# yum remove package_name

5. Remove Unneeded Services

# ss -tulpn
# systemctl list-units -t service
# yum remove postfix

6. Encrypt Transmitted Data of VNC

# ssh -L 5902:localhost:5901 remote_machine
# vncviewer localhost:5902

7. Network Port Scanning

# nmap -sT -O IP Address

8. Packet-filtering Firewall
# yum install firewalld
# systemctl start firewalld.service
# systemctl enable firewalld.service
# firewall-cmd --list-all

9. Disable Useless SUID and SGID Commands

# find / -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -
exec ls -l {} \;
# chmod u-s /path/to/binary_file
# chmod g-s /path/to/binary_file

10. Check for Unowned Files and Directories

# find / -nouser -o -nogroup -exec ls -l {} \;

11. Hardening /etc/sysctl.conf

net.ipv4.conf.all.accept_source_route=0
ipv4.conf.all.forwarding=0

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.rp_filter=2
net.ipv4.icmp_echo_ignore_all = 0