Hardening is the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
Â
There are various methods of hardening Unix and Linux systems. This may involve, among other measures, applying a patch to the kernel such as Exec Shield or PaX; closing open network ports; and setting up intrusion-detection systems, firewalls and intrusion-prevention systems. There are also hardening scripts and tools like Lynis, Bastille Linux, JASS for Solaris systems and Apache/PHP Hardener that can, for example, deactivate unneeded features in configuration files or perform various other protective measures.
Â
We can implement Security Hardening features for Nutanix AHV and Controller VM:
- Hardening AHV: We can use Nutanix Command Line Interface (nCLI) in order to customize various configuration settings related to AHV
      Reference Link
- Hardening Controller VM: We can use Nutanix Command Line Interface (nCLI) in order to customize the various configuration settings related to CVM
      Reference Link
Â
For more details, refer to For Security Guide