Skip to end of metadata
Go to start of metadata
- Use latest LTS stable versions
- Use minimum run-time code, minimize the amount of software installed on the system.
- If you don't intend to use a piece of software, then don't install it.
- If you don't intend to use a service, stop that service and uninstall it.
- If you no longer need a piece of software, uninstall it.
- If possible, run each network service on a separate system to minimize the risk of one compromised service being used to compromise another service.
- Delete all compilers once finished building the images
- Use git-secrets for id management
- Each person should have their own individual account
- Each application should have its own individual account.
- Do not allow directly into the root account. This goes for any shared or application account as well.
- Do not let users log in directly as the web server user, for example. At least require them to log into their individual accounts first, and then switch to the root or other shared account user.
- When someone switches to another account, a log entry is created, and that can help with auditing.
- Practice least privilege.