Sysadmins around the world have been provided with another helpful guide on how to go about hardening their Linux workstations, as Konstantin Ryabitsev, Director of Collaborative IT Services at The Linux Foundation, has released the document on GitHub for anyone to download.
“All of LF employees are remote workers and we use this set of guidelines to ensure that a sysadmin’s system passes core security requirements in order to reduce the risk of it becoming an attack vector against the rest of our infrastructure,” he explained, and noted that even sysadmins who are not remote workers will find the guide useful.
But, he pointed out, the document is not meant to be THE ultimate manual for workstation hardening. “These guidelines are merely a basic set of core safety rules that is neither exhaustive, nor a replacement for experience, vigilance, and common sense.”
Readers are encouraged to find their own balance between security and usability requirements and needs.
The document addresses topics such as choosing the right hardware, pre-boot environment, and Linux distribution. It offers general guidelines for the installation of the distributions and post-installation hardening, on safe workstation backup practices and browsing practices.
The management of passwords is also addressed, as is that of SSH and PGP private keys.
Every section sports a checklist, and short explanations of the considerations they kept in mind while opting for the choices that they believe are right for them. Some items in the checklists are more critical than others, and some will likely be only considered by the most paranoid sysadmins.
Nevertheless, it is a good read for everyone.