Hardening policies are commonly applied to Windows devices through Active Directory, to Mac devices through an Apple MDM, or to both through an open directory platform such as JumpCloud. Establishing secure configurations for Linux, however, is a more complex undertaking. As a consequence, it’s either not done or falls by the wayside. That’s why JumpCloud provides its users with a set of policies, based upon industry best practices, that work across Linux distributions for individual devices and groups.
Secure configurations are an important aspect of good IT hygiene. Endpoint detection and response (EDR), least privilege computing practices to manage entitlements, and patching are less effective without uniform policies to secure your devices. These policies strike a balance between a strong security posture and user productivity by providing options to harden surface controls that can be customized to best fit your organization’s unique requirements.
For instance, a policy that disables macros in Windows helps to guard against future vulnerabilities. Security experts have identified similar controls to defend Linux systems. If you harden your Windows systems, you should also harden your Linux devices.
Linux Secure Configurations Shouldn’t Be Disregarded
Secure configurations for Linux aren’t as straightforward or familiar to IT teams. In general, Linux devices aren’t managed as diligently as Windows systems, leaving a gaping hole in the visibility and oversight of IT infrastructure. One challenge is that IT admins may find that there’s more than one Linux distribution in their fleet. Even Windows shops encounter security appliance images that are Linux-based, e.g., devices such as security camera DVRs, or Raspberry Pi used for shop floor applications. Different home users may also have separate partitions, adding to IT’s administrative burden. Further, when there are hundreds of Windows PCs and only a handful of Linux devices, Linux security may become less of a priority.
IT organizations that are proactive about security shouldn’t accept the risk. JumpCloud’s approach to cross-OS management solves that problem and makes it easy.
Ask yourself… Is it worth leaving any unmanaged device on your network when you’ve heavily invested in security everywhere else? Linux malware is on the rise and many small and most medium-sized enterprises (SMEs) aren’t ready for it.
JumpCloud Secures and Manages Linux Systems
JumpCloud’s Linux security policies are pre-built and based upon industry best practices. Policies may be applied to individual devices or device groups for enrollment at scale. It’s as simple as selecting a policy and checking the appropriate boxes for your settings. JumpCloud’s agent supports current versions of:
- Amazon Linux
- Rocky Linux
The open directory platform handles policy deployment for you.
Linux Benchmark Policies
JumpCloud already provides Check Disk Encryption to assist with implementing LUKS full-disk encryption across Linux distros in addition to several CentOS server hardening profiles. The following details the new policies that are available for Linux secure configurations:
File Ownership and Permissions
Secures Linux system files by setting their permissions and ownership.
Enhances a system’s network security by setting kernel parameters. This policy can disable IP and packet forwarding, prevent routed packets from being accepted, ignore ICMP broadcasts, enable path filtering and TCP SYN cookies, and log information about suspicious packets.
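The controls this policy lists can be spot-checked by hand against a sysctl.conf-style file. The script below is an added example, not JumpCloud's policy code; the sysctl keys and values chosen for each control are an assumed mapping, and the sample file is constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: these keys/values are one common mapping of the
# controls named above; they are not taken from JumpCloud's policy definition.
BASELINE="net.ipv4.ip_forward=0 \
net.ipv4.conf.all.accept_source_route=0 \
net.ipv4.icmp_echo_ignore_broadcasts=1 \
net.ipv4.conf.all.rp_filter=1 \
net.ipv4.tcp_syncookies=1 \
net.ipv4.conf.all.log_martians=1"

# Constructed sample input (not from a real host).
SAMPLE_CONF='# constructed sample sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies=1
  net.ipv4.conf.all.rp_filter = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
; net.ipv4.conf.all.log_martians = 1
'

# audit_sysctl CONF_TEXT: print OK, DRIFT or UNSET for every baseline key.
audit_sysctl() {
    printf '%s\n' "$1" | awk -v baseline="$BASELINE" '
        BEGIN {
            n = split(baseline, rows, " ")
            for (i = 1; i <= n; i++) { split(rows[i], kv, "="); order[i] = kv[1]; want[kv[1]] = kv[2] }
        }
        /^[ \t]*[#;]/ || !/=/ { next }   # comments and lines without "="
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            have[key] = val              # a later assignment overrides an earlier one
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have)) printf "UNSET %s want=%s\n", k, want[k]
                else if (have[k] != want[k]) printf "DRIFT %s have=%s want=%s\n", k, have[k], want[k]
                else printf "OK %s\n", k
            }
        }'
}

# count_findings CONF_TEXT: number of baseline keys that are not OK.
count_findings() { audit_sysctl "$1" | grep -vc '^OK ' || true; }

audit_sysctl "$SAMPLE_CONF"
```

UNSET means the file never assigns the key, so the kernel default applies on that host; confirm the live value with `sysctl -n <key>` before treating it as a finding.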
Partition and Mount Options
This checks partition and mount options. Directories that are used for system-wide functions can be further protected by placing them on separate partitions. This provides protection against resource exhaustion and enables the use of mounting options that are applicable to the directory’s intended use.
Disable Unused File Systems
To prevent an unauthorized user from introducing data onto or extracting data from a system, determine whether each filesystem type is necessary and, if it is not, disable it. Native Linux file systems are designed to ensure that built-in security controls function as expected. Although non-native file systems can be used to solve different kinds of problems, they can also lead to unexpected consequences for both the security and functionality of the system.
SSH Server Configuration
Ensures the SSH server is properly configured. The settings in this policy only apply if the SSH daemon is installed on the system.
Deploy Linux Secure Configurations with JumpCloud
JumpCloud’s open directory provides LDAP services to manage your users and seamlessly syncs with and manages identities that reside in Azure AD and Google Workspace. Linux secure configuration is available at no additional cost, in addition to Windows and Apple mobile device management (MDM) policies to cover your entire fleet.
JumpCloud extends your ability to securely connect with and manage your resources, regardless of your OS or directory. It can also handle patching those systems, further enhancing your security posture. JumpCloud provides cloud RADIUS and SSO connectivity to manage user identities across domains with integrated multi-factor authentication (MFA). Sign up for free for up to 10 users and devices.