The Linux Hardening Toolkit is a powerful and easy-to-use script to enhance the security of your Linux systems.
It applies a wide range of best practices for system hardening, service minimization, kernel protection, and package security.
Designed for Debian, Ubuntu, and Fedora systems.
β
Harden system configuration (sysctl, limits, permissions)
β
Install essential security packages (e.g., Firejail, AppArmor, AIDE, Zeek, Suricata)
β
Disable unnecessary and vulnerable services
β
Blacklist unused and risky kernel modules
β
Runs multiple times without conflict
β
Logging of all operations to /var/log/harden_linux.log
β
Dry-run mode and Assume-yes automation
β
Colored terminal output for better readability
β
Compatible with Ubuntu, Debian, and Fedora
- Bash 4+
sudoprivileges- Supported Linux distribution:
- Ubuntu 20.04/22.04+
- Debian 11+
- Fedora 36+
First, make the script executable:
chmod +x harden_linux.shThen, you can run it with different options:
| Command Example | Description |
|---|---|
sudo ./harden_linux.sh --all --assume-yes |
Apply full system hardening automatically |
sudo ./harden_linux.sh --install |
Only install security-related packages |
sudo ./harden_linux.sh --permissions |
Only fix system file permissions |
sudo ./harden_linux.sh --services |
Only disable unnecessary services |
sudo ./harden_linux.sh --dry-run --all |
Simulate all changes without applying them |
./harden_linux.sh --help |
Show help message |
./harden_linux.sh --version |
Display version information |
- Backups: The script automatically backs up critical configuration files before modifying them.
- Dry-Run: Always recommended on production servers before applying changes.
- Logs: All actions are logged to
/var/log/harden_linux.logfor audit and troubleshooting.