This chapter indicates possible adjustments to Linux settings to increase the level of security. For the most part, these are settings that are not directly related to the D2000


...


Preventing information leakage through issue files

We recommend changing the "issue" and "issue.net" files to either not provide any relevant data or to provide misleading data. At the same time, we recommend including information on the authorized use of the system and possible penalties for unauthorized use of the system in these files. Example:
WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your actions
may be monitored if unauthorized usage is suspected.

...

chmod a-st /usr/bin/chage
chmod a-st /usr/bin/gpasswd
chmod a-st /usr/bin/newgrp
chmod a-st /usr/bin/fusermount3
chmod a-st /usr/bin/pkexec
chmod a-st /usr/bin/crontab
chmod a-st /usr/bin/chfn
chmod a-st /usr/bin/at
chmod a-st /usr/bin/chsh
chmod a-st /usr/bin/fusermount
chmod a-st /usr/bin/ksu
chmod a-st /usr/libexec/sssd/ldap_child
chmod a-st /usr/libexec/sssd/proxy_child
chmod a-st /usr/libexec/sssd/selinux_child
chmod a-st /usr/libexec/cockpit-session
chmod a-st /usr/lib/polkit-1/polkit-agent-helper-1
chmod a-st /usr/sbin/userhelper
chmod a-st /usr/sbin/unix_chkpwd
chmod a-st /usr/bin/locate
chmod a-st /usr/libexec/openssh/ssh-keysign


Check the open TCP and UDP ports and the processes listening on them (with the command netstat -46npl), then disable the listeners that are not needed. For example, on a particular server, the rpcbind.socket and rpcbind services, which were previously used to mount the NFS subsystem, were disabled.
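
To make this review repeatable, the following added example (not part of the original page) reads netstat -46npl output and reports every listener whose protocol/port pair is not on an allow-list. The function names, the allow-list format and the sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report listeners in `netstat -46npl` output that are not on
# an allow-list. The sample output and the allow-list are constructed.

# Usage: netstat -46npl | unexpected_listeners "tcp/22 udp/323"
# Prints one line per unexpected listener: proto/port local-address owner
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)   # tcp6 -> tcp, udp6 -> udp
            k = split($4, part, ":")           # port follows the last colon,
            key = proto "/" part[k]            # which also handles ":::22"
            # TCP rows have a State column; UDP listeners leave it empty, so
            # the PID/Program column starts one field earlier for UDP.
            first = ($1 ~ /^tcp/) ? 7 : 6
            owner = ""
            for (i = first; i <= NF; i++) owner = owner (i > first ? " " : "") $i
            if (owner == "") owner = "-"
            if (!(key in ok)) print key, $4, owner
        }'
}

# Constructed sample of `netstat -46npl` output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1023/sshd: /usr/sbin
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      1023/sshd: /usr/sbin
udp        0      0 0.0.0.0:111             0.0.0.0:*                           812/rpcbind
udp        0      0 127.0.0.1:323           0.0.0.0:*                           790/chronyd
EOF
}

# With SSH and chrony allowed, only the two port 111 (rpcbind) listeners remain.
sample_netstat | unexpected_listeners "tcp/22 udp/323"
```

Run as root on a live system so that netstat can fill in the PID/Program column for sockets owned by other users.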


Other recommendations (from Windows Hardening section)