Hardening Module
Applies security policies.
Checks
| Item | Description |
|---|---|
| Fail2Ban | Installation and configuration |
| Kernel Hardening | Security sysctl parameters |
| Services | Disable unnecessary services |
Fail2Ban
Applied Configuration
- Backend: systemd
- Ban time: 1h
- Find time: 10min
- Max retry: 3
- Whitelist of the current connection's IP
SSH Jail
[sshd]
enabled = true
port = 2222
maxretry = 3
findtime = 600
bantime = 3600
Kernel Hardening
Parameters applied via /etc/sysctl.d/:
# Network
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_congestion_control = bbr
# Conntrack for Docker/NAT
net.netfilter.nf_conntrack_max = 1000000
# Performance
vm.swappiness = 10
vm.dirty_ratio = 60
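
A file in /etc/sysctl.d/ only states intent; the running kernel can still hold a different value, or lack the key entirely. The following check is an added example, not the module's own code: it compares the parameters listed above with the live values under /proc/sys. The names `page_settings`, `norm` and `audit_sysctl`, the `--live` switch and the overridable root directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: verify that the sysctl values documented on this page
# are the ones the running kernel actually uses.
page_settings() {
cat <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_congestion_control = bbr
net.netfilter.nf_conntrack_max = 1000000
vm.swappiness = 10
vm.dirty_ratio = 60
EOF
}

# Collapse tabs/newlines/repeated spaces and trim both ends.
norm() { tr '\t\n' '  ' | tr -s ' ' | sed 's/^ //;s/ $//'; }

# audit_sysctl [PROC_ROOT] < settings-in-sysctl.d-syntax
# Prints OK / DRIFT / MISSING per key; exit status = number of keys not OK.
# PROC_ROOT defaults to /proc/sys and is overridable so the check can be
# exercised against a constructed directory tree.
audit_sysctl() (
    root=${1:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|';'*|'') continue ;;   # comment or blank line
            *=*) ;;                     # key = value
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | norm)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Key absent: typically the owning module (e.g. nf_conntrack) is not loaded.
            echo "MISSING $key (expected $want)"; bad=$((bad + 1)); continue
        fi
        have=$(norm < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DRIFT   $key = $have (expected $want)"; bad=$((bad + 1))
        fi
    done
    exit "$bad"
)

# Check the real kernel only when asked for explicitly.
if [ "${1:-}" = "--live" ]; then page_settings | audit_sysctl; fi
```

A DRIFT on `net.ipv4.tcp_congestion_control` usually means the bbr module was not available when the setting was applied, so the kernel kept its default algorithm.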