# System Hardening (classic)

Hardening is the process of reducing the attack surface of an operating system or an application by enforcing a set of configurations in line with security best practices.

The Nexthink cloud platform relies partially on software appliances hosting [Engine (classic)](https://docs.nexthink.com/platform/references/references-classic/glossary-classic/engine-classic) and [Portal (classic)](https://docs.nexthink.com/platform/references/references-classic/glossary-classic/portal-classic). The system hardening follows the Center for Internet Security (CIS) benchmark for Oracle Linux 8 L1.

Level 1 (L1) security controls provide a clear security benefit while having a minor impact on performance and maintaining usability. All customer instances have Level 1 (L1) security control settings automatically applied.

## Hardening measures <a href="#systemhardening-classic-hardeningmeasures" id="systemhardening-classic-hardeningmeasures"></a>

### CIS hardening <a href="#systemhardening-classic-cishardening" id="systemhardening-classic-cishardening"></a>

Enforcing all the CIS L1 checks requires some degree of fine-tuning to match our product configuration. We keep those changes to a strict minimum and ensure they do not impact our product's security.

Contact [Nexthink Support](https://support.nexthink.com/) to request the list of changes.

We will keep our hardening configuration aligned with future versions of the CIS benchmark.

### CIS exceptions <a href="#systemhardening-classic-cisexceptions" id="systemhardening-classic-cisexceptions"></a>

Some hardening configurations are not applied as described by the CIS benchmark in the context of the Nexthink cloud platform. Those configurations are mitigated in a different way, to achieve the same objective.

Contact [Nexthink Support](https://support.nexthink.com/) to request the list of exceptions.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nexthink.com/platform/security/system-hardening-classic.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.