Chapter 15: Ubuntu Hardening and Patch Operations

Word target: 3,400
Primary deliverable: Practical Ubuntu hardening profile
Key diagrams: Layered defense model

Learning Goals

• Apply host-level hardening suited to homelab operations.
• Build predictable patch windows and emergency patch policy.
• Measure and reduce exposed attack surface.

MVP Lab Worksheet

• Objective: Implement baseline hardening controls.
• Starting state: Ubuntu baseline active.
• Steps:
  1. Configure firewall and service exposure.
  2. Enforce update policy and package hygiene.
  3. Validate hardening with checklist.
• Evidence: Hardening checklist with pass/fail results.
• Exit criteria: Critical controls enabled and verified.
• Rollback: Restore previous firewall/service policy snapshot.

Advanced Lab Worksheet

• Objective: Continuous security remediation loop.
• Starting state: Baseline hardened.
• Steps:
  1. Run periodic vulnerability scans.
  2. Prioritize findings by risk and exploitability.
  3. Remediate and retest.
• Evidence: Scan diff report and closure log.
• Exit criteria: High-risk findings closed within policy window.
• Rollback: Revert risky remediations with change control record.

Portability Placeholder

Keep distro-specific hardening commands in sidebars, not core narrative.