Resolved Pre-Onxy Server Hardening (CIS Benchmark)

[Walter]

I will be using Debian or Ubuntu server to deploy a new instance of Onyx. Here are some questions regarding steps to harden my OS before loading Onyx or additional software...

1. CIS Benchmark: Does Plesk Onyx support a server OS that has been pre-hardened with the CIS benchmark? Are there any particular settings I need to avoid?

Specifically I'm asking about the particular sections of CIS Benchmark relating to:

Network configuration
TCP Wrappers
Disabling uncommon network protocols
System File Permissions
User and Group Settings

2. SELinux / AppArmor: Does Plesk/Onyx support one or both of these security apps with the Onyx product?

 

[IgorG]

All supported OSes can be found here Software Requirements for Plesk
Plesk supports SELinux on RHEL and CentOS operating systems since Plesk 12.5
For Debian-like OSes Plesk supports AppArmor.

 

[Walter]

I created a support ticket with Plesk and received the following statement, "The server hardening as per DISA or CIS benchmarks should not cause any issues with Plesk operations normally."