- 2 Factor Authentication (Authy)
- UFW (Firewall)
- FSTAB (Secure Shared Memory) [Step 2]
- Disallow Root Access [Step 3]
- Protect SU [Step 4]
- SYSCTL Settings (Harden Network) [Step 5]
- IP Spoofing [Step 7]
- DenyHosts (Prevent Brute Force Attacks)
- Fail2Ban (Protect SSH)
- PSAD (Network Intrusion Detection)
- Tripwire (Server Intrusion Detection)
- RKHunter (Rootkit Guard)
- Apparmor (SELinux) [Step 17]
Ubuntu CIS Benchmark
This document provides prescriptive guidance for establishing a secure configuration posture for Ubuntu 12.04 LTS Server. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at [email protected].
https://benchmarks.cisecurity.org/tools2/ubuntu/CIS_Ubuntu_12.04_LTS_Server_Benchmark_v1.0.0.pdf
Apache CIS Benchmark
This document, CIS Apache 2.4 Benchmark, provides prescriptive guidance for establishing a secure configuration posture for Apache Web Server versions 2.4 running on Linux. This guide was tested against Apache Web Server 2.4.3 – 2.4.6 as built from source httpd-2.4.x.tar.gz from http://httpd.apache.org/ on Linux. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at [email protected].
https://benchmarks.cisecurity.org/tools2/apache/CIS_Apache_HTTP_Server_2.4_Benchmark_v1.1.0.pdf
Got it from http://askubuntu.com/questions/447144/basic-security-tools-and-packages-that-should-be-installed-on-a-public-facing-we