Configuration recommendations of a gnu/linux system

GNU/Linux systems offer a large number of possible configurations. Respecting and applying a few good practices, as recommended by the ANSSI, is enough to get a reasonably secure system while retaining the required functionalities.

GNU/Linux operating systems play an important role in various environments and are deployed in many products (switches, routers, televisions, vehicles, etc.).

A few configuration rules make it possible to obtain reasonably secure systems as long as some fundamental principles are respected. It should be checked methodologically that these are applied correctly, for example using a checklist.

This guide focuses primarily on generic system configuration guidelines and common sense principles that should be applied when deploying services on a GNU/Linux system.

In particular, the following points are discussed:

  • General principles of security and hardening
  • Hardware and firmware configuration
  • Securing the boot chain
  • Configuring system services
  • Kernel configuration
  • Privilege and access management
  • Isolation

The original version of the document, in French, can be found here.

Some of the versions below are obsolete and offered for archival purposes only.

  • pdf

    Configuration recommendations of a gnu/linux system - v2

    2.34 Mo

  • pdf

    Configuration recommendations of a gnu/linux system - v1.2 - obsolete

    1.27 Mo

Externals links