I harden Linux servers to CIS Benchmark Level 1 or Level 2 — the gold standard for Linux security configuration used by enterprises and compliance frameworks including SOC 2, PCI-DSS, and HIPAA.
Hardening scope covers: SSH configuration lockdown (key-only auth, ciphers, protocol settings); sysctl kernel parameter tuning for network and memory security; auditd rules for system call and file privs logging; PAM configuration and login failure lockout; unnecessary service and package removal; filesystem permissions review; and UFW/iptables baseline rules.
Deliverables include a before/after CIS score using Lynis or OpenSCAP, a full change report documenting every modification and rationale, and — for multi-server engagements — a reusable Ansible hardening playbook so future servers can be bootstrapped to the same standard automatically.
Works on Ubuntu, Debian, RHEL, CentOS, AlmaLinux, Rocky Linux, and Amazon Linux. Provide SSH privs (or we work interactively) and a list of services that must remain running — I audit before touching anything.