Hardened Server

Build a CIS-compliant, security-hardened Debian server.

Prompt

Create a CIS Level 2 hardened Debian production server with:

Security:
- CIS Level 2 hardening
- Audit logging enabled
- Automatic security updates
- Fail2ban for intrusion prevention

SSH:
- Port 22
- Key-only authentication
- No root login
- Max 3 auth attempts

Users:
- sysadmin (sudo)
- appuser (no sudo, for running applications)

Firewall:
- Default deny incoming
- Allow SSH (22/tcp)
- Allow HTTP (80/tcp)
- Allow HTTPS (443/tcp)

Set timezone to UTC. Disable IPv6.

Adding Tests

After OpenFactory generates the recipe, add verification tests:

Add tests to verify:
- CIS Level 2 benchmark passes
- auditd is running with rules loaded
- SSH only allows key authentication
- fail2ban is protecting SSH
- Firewall rules are active

OpenFactory will add these as automated tests that run after the image builds.
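
The SSH items can also be checked by hand on the built image. This added example (not OpenFactory's generated tests or its test format) compares `sshd -T` output against the SSH section of the prompt; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Reads `sshd -T` output ("key value" lines, lowercase keys) on stdin, prints one
# line per failed SSH requirement from the prompt; returns 0 if all pass, else 1.
check_sshd_config() {
    awk '
    BEGIN {
        want["port"] = "22"
        want["pubkeyauthentication"] = "yes"
        want["passwordauthentication"] = "no"
        want["permitrootlogin"] = "no"
        want["maxauthtries"] = "3"
    }
    $1 in want {
        seen[$1] = 1
        # every occurrence must match, so an extra Port line is caught too
        if ($2 != want[$1]) { printf "FAIL %s=%s (want %s)\n", $1, $2, want[$1]; bad = 1 }
    }
    # keyboard-interactive can still prompt for passwords; key name varies by OpenSSH version
    $1 == "kbdinteractiveauthentication" || $1 == "challengeresponseauthentication" {
        kbd = 1
        if ($2 != "no") { printf "FAIL %s=%s (want no)\n", $1, $2; bad = 1 }
    }
    END {
        for (k in want) if (!(k in seen)) { print "MISSING " k; bad = 1 }
        if (!kbd) { print "MISSING kbdinteractiveauthentication"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: excerpt of `sshd -T` output from an image that meets the prompt.
sample_compliant() {
    cat <<'EOF'
port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
maxauthtries 3
EOF
}

# Constructed sample: settings that miss three of the requirements.
sample_weak() {
    printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no' 'maxauthtries 6'
}

# On the built image (as root): sshd -T | check_sshd_config
sample_weak | check_sshd_config || echo "SSH requirements not met"
```

Checking the effective configuration from `sshd -T` rather than grepping `sshd_config` catches settings overridden by drop-in files under `sshd_config.d`.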