Today, I am looking at a set of security scripts, which harden Ubuntu Server (20.04 or 22.04). Hardening is the process to change the system configuration in order to meet the basic set of compliance standards. In this example we will receive our compliance information from lynis, CIS and the DISA STIG. There are several things to discuss before jumping into the video. WARNING: Never try a new automation script on production servers without first testing it in a controlled lab on test equipment! - you have been warned First, how do we know what we need to change on our systems in order to bring it into compliance with various agency and regulatory standards. The first is the tool set provided by: https://github.com/konstruktoid/hardening Second, Once we have applied the changes to our system, how do we know we have met the standards we are trying to comply with? https://www.open-scap.org/ Security Content Automation Protocol (SCAP) is a method for using specific standards to help organizations automate vulnerability management and policy compliance evaluation. SCAP comprises numerous open security standards, as well as applications which use these standards to check systems for vulnerabilities and misconfigurations. One of the compliance files is called a STIG or A Security Technical Implementation Guide is a configuration standard consisting of cybersecurity requirements for a specific product. These are usually crafted for a specific operating system and version such as Ubuntu 20.04, RedHat 8, etc. One other method of security validation I did not show is CIS Ubuntu Security Benchmark and you can find more information here: https://www.cisecurity.org/benchmark/ubuntu_linux 00:00 - Intro 00:28 - Preparations 01:31 - Setup the Server 06:40 - Change ubuntu.cfg 08:56 - running the ubuntu.sh script 09:38 - validating the changes 11:17 - Running a few tests (768) 14:46 - OpenSCAP Run 16:19 - SCAP Analysis 21:17 - Final Thoughts 22:12 - Outro Support me on Patreon: https://www.patreon.com/DJWare Follow me: Twitter @djware55 Facebook:https://www.facebook.com/don.ware.7758 Discord: https://discord.gg/hQcShnh Gitlab: https://gitlab.com/djware27 "Tech Live" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0 "Militaire Electronic" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Werq by Kevin MacLeod Link: https://incompetech.filmmusic.io/song/4616-werq License: https://filmmusic.io/standard-license Industrial Cinematic by Kevin MacLeod Link: https://incompetech.filmmusic.io/song/3909-industrial-cinematic License: https://filmmusic.io/standard-license Music Used in this v ... https://www.youtube.com/watch?v=XYxybI7xZTw

A week just isn't enough time to review this Linux Distro, it is so unique and fresh it needs more time, so I am presenting this video as my initial musings in working with the OS and will be back soon to talk more about what I have learned along the way. The only way to truly review this kind of distro is to put it into daily use for as much time as needed to explore it throughly and learn the pros and the cons while in daily use. So that is my plan, more to come... I suppose you might compare with with Intels ClearLinux or Fedora's Silverblue, but this is a completely different design. One thing I did not talk about was of course you can remove packages from your filesystem as well. Chapters 00:00 Intro 00:49 NixOS Problem Statement 11:07 NixOS and Nix 12:44 NixOS Problem Statement 14:05 NixOS Overview 18:17 NixOS System Requirements 20:08 Installing NixOS 45:46 NixOS Final Thoughts Support me on Patreon: https://www.patreon.com/DJWare Follow me: Twitter @djware55 Facebook:https://www.facebook.com/don.ware.7758 Discord: https://discord.gg/hQcShnh Gitlab: https://gitlab.com/djware27 "Brightly Fancy" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0 "Militaire Electronic" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Werq by Kevin MacLeod Link: https://incompetech.filmmusic.io/song/4616-werq License: https://filmmusic.io/standard-license Industrial Cinematic by Kevin MacLeod Link: https://incompetech.filmmusic.io/song/3909-industrial-cinematic License: https://filmmusic.io/standard-license Music Used in this video "NonStop" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 License #nixos #nix #declarative ... https://www.youtube.com/watch?v=jJg1HI4gLXs