2019-04-01 22:32:27 +02:00
|
|
|
# Use case deploy document
|
2019-04-01 22:45:52 +02:00
|
|
|
[nginx-mutual-ssl-proxy-http](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/tls/nginx-mutual-ssl-proxy-http.md)
|
2019-04-01 22:32:27 +02:00
|
|
|
|
|
|
|
|
# How to use harbian-audit to audit and apply
|
2019-03-31 21:12:39 +02:00
|
|
|
|
|
|
|
|
## Server node
|
|
|
|
|
```
|
|
|
|
|
sudo iptables-restore iptables_ufw-4-server.cfg
|
|
|
|
|
sudo bash bin/hardening.sh --audit-all
|
|
|
|
|
# This is set special service to exception(6.2 6.3 6.10)
|
|
|
|
|
sudo bash bin/hardening.sh --set-hardening-level 5 --allow-service dns,http,cups
|
|
|
|
|
sudo bash bin/hardening.sh --audit-all
|
|
|
|
|
sudo bash bin/hardening.sh --apply
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Client node
|
|
|
|
|
```
|
|
|
|
|
sudo iptables-restore iptables_ufw-4-client.cfg
|
|
|
|
|
sudo bash bin/hardening.sh --audit-all
|
|
|
|
|
# This is set special service to exception(6.10)
|
|
|
|
|
sudo bash bin/hardening.sh --set-hardening-level 5 --allow-service http
|
|
|
|
|
sudo bash bin/hardening.sh --audit-all
|
|
|
|
|
sudo bash bin/hardening.sh --apply
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
2019-04-01 22:32:27 +02:00
|
|
|
|
|
|
|
|
|
