Endpoint Security

Security for endpoints — Linux hardening, host-based intrusion detection, and runtime security.

Sections

Linux Hardening

• Linux Hardening — AppArmor, SELinux, sysctl, PAM

IDS/IPS

• IPS — Network and host-based intrusion detection (Suricata, Wazuh HIDS)

Falco

• Falco — Runtime security for Kubernetes and Linux

Endpoint Security Layers

1. Hardening — Reduce attack surface (disable services, patch)
2. Access Control — PAM, sudo, file permissions
3. Monitoring — Logs, audit, syscall monitoring
4. Detection — IDS, file integrity, rootkit detection
5. Response — Auto-isolate, block, notify

Tool Stack

Tool	Type	Purpose
Wazuh Agent	HIDS	File integrity, rootkit detection, log collection
Falco	HIDS	Runtime syscall monitoring
AppArmor	LSM	Application sandboxing
SELinux	LSM	Mandatory access control
auditd	Logging	System call auditing

Related

• Wazuh — Agent-based endpoint collection
• Alerting — Endpoint alert design