• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle
  • Do a search for you server OS + STIG

    Then, for each service you’re hosting on that server, do a search for:

    Service/Program name + STIG/Benchmark

    There’s tons of work already done by the vendors in conjunction with the DoD (and CIS) to create lists of potential vulnerable settings that can be corrected before deploying the server.

    Along with this, you can usually find scripts and/or Ansible playbooks that will do most of the hardening for you. Though it’s a good Idea to understand what you do and do not need done.


  • Another reason for going with a swap file vs partition (if you need either) are nvme and SSD drives.

    A partition that’s only a few GB and written to constantly will wear out a solid state drive quickly.

    Using a swap file in a larger partition that has other data allows the drive to even out the wear across more storage cells.