Chapter Seven · Making a Foothold Reach Nothing

System and Host Hardening

The intruder has a foothold on a Meridian host. This chapter hardens the host so that foothold reaches nothing — closing the privilege-escalation paths, shrinking the OS attack surface, adding endpoint detection, and keeping software patched. It assumes basic Linux from the Linux Deep Dive and focuses on the security-relevant configuration.

5 topics

A default operating system install ships with far more running services, installed packages, and standing privilege than any single role needs — and every one of them is attack surface for someone already on the box. Hardening is the disciplined reduction of that surface plus the controls that make the remainder harder to abuse, so that the foothold from Chapter 5 lands somewhere small, loud, and stuck.

Five topics: inventorying the host attack surface, closing the privilege-escalation paths that turn a user shell into root, applying a concrete hardening baseline, adding endpoint detection and response, and running patching as a measured program. The recurring theme is minimize first, then protect what remains.

Hardening a Meridian host — minimize, then protect
1
Minimize surface
services · ports · accounts
2
Close escalation
sudo · SUID · kernel
3
Harden config
SSH · baseline · SELinux/AppArmor
4
Detect and patch
EDR · patch management

Topics in This Chapter