This course offers an extensive exploration into the security features and protocols necessary for maintaining robust security on Enterprise Linux systems. Designed for system administrators, security professionals, and IT personnel responsible for Linux systems, the course covers a variety of topics aimed at enhancing the security infrastructure of organizations.
The course begins with fundamental security concepts where participants learn about essential security principles such as minimization, hardening, and simplification of systems. It progresses through detailed explanations of tools and methods for scanning, probing, and mapping vulnerabilities, thus equipping attendees with the skills needed to identify and mitigate potential security threats. Each module is structured to provide both theoretical knowledge and practical skills through hands-on labs, ensuring that participants can apply what they've learned in real-world scenarios.
Learning Objectives
Course Details
Security Concepts
Basic Security Principles
RHEL7 Default Install
RHEL7 Firewall
SUSE Basic Firewall Configuration
SLES12: File Security
Minimization – Discovery
Service Discovery, Hardening, Security Concepts
LAB TASKS: Removing Packages Using RPM, Firewall Configuration, Process Discovery
Operation of the setuid() and capset() System Calls
Operation of the chroot() System Call
Scanning, Probing and Mapping Vulnerabilities
The Security Environment
Stealth Reconnaissance
The WHOIS database
Interrogating DNS
Discovering Hosts
Discovering Reachable Services
Reconnaissance with SNMP
Discovery of RPC Services
Enumerating NFS Shares
Nessus Insecurity Scanner
Configuring OpenVAS, Intrusion Detection Systems, Snort Rules, Writing Snort Rules
LAB TASKS: NMAP, OpenVAS, Advanced nmap Options
Password Security and PAM
UNIX Passwords, Password Aging, Auditing Passwords
PAM Overview, PAM Module Types, PAM Order of Processing, PAM Control Statements
PAM Modules, pam_unix, pam_cracklib.so, pam_pwcheck.so
pam_env.so, pam_xauth.so, pam_tally2.so, pam_wheel.so
pam_limits.so, pam_nologin.so
pam_deny.so, pam_warn.so, pam_securetty.so, pam_time.so
pam_access.so, pam_listfile.so, pam_lastlog.so
pam_console.so
LAB TASKS: John the Ripper, Cracklib, Using pam_listfile to Implement Arbitrary ACLs
Using pam_limits to Restrict Simultaneous Logins
Using pam_nologin to Restrict Logins
Using pam_access to Restrict Logins, su & PAM
Secure Network Time Protocol (NTP)
The Importance of Time
Hardware and System Clock, Time Measurements
NTP Terms and Definitions, Synchronization Methods
NTP Evolutions, Time Server Hierarchy
Operational Modes, NTP Clients
Configuring NTP Clients and Servers
Securing NTP, NTP Packet Integrity
Useful NTP Commands
LAB TASKS: Configuring and Securing NTP
Peering NTP with Multiple Systems
Kerberos Concepts and Components
Common Security Problems, Account Proliferation
The Kerberos Solution, Kerberos History
Kerberos Implementation
Kerberos Concepts, Kerberos Principals
Kerberos Safeguards, Kerberos Components
Authentication Process, Identification Types
Logging In, Gaining Privileges
Using Privileges, Kerberos Components and the KDC
Kerberized Services Review
KDC Server Daemons
Configuration Files
Utilities Overview
Implementing Kerberos
Plan Topology and Implementation, Kerberos 5 Client Software
Kerberos 5 Server Software, Synchronize Clocks
Create Master KDC, Configuring the Master KDC
KDC Logging, Kerberos Realm Defaults
Specifying [realms], Specifying [domain_realm]
Allow Administrative Access, Create KDC Databases
Create Administrators, Install Keys for Services, Start Services
Add Host Principals, Add Common Service Principals
Configure Slave KDCs, Create Principals for Slaves, Define Slaves as KDCs
Copy Configuration to Slaves, Install Principals on Slaves, Synchronization of Database
Propagate Data to Slaves, Create Stash on Slaves, Start Slave Daemons
Client Configuration, Install krb5.conf on Clients, Client PAM Configuration, Install Client Host Keys
LAB TASKS: Implementing Kerberos
Administering and Using Kerberos
Administrative Tasks, Key Tables
Managing Key Types, Managing Principals
Viewing Principals
Adding, Deleting and Modifying Principals
Principal Policy, Overall Goals for Users
Signing into Kerberos
Ticket Types, Viewing Tickets
Removing Tickets, Passwords, Changing Passwords, Giving Others Access
Using Kerberized Services, Kerberized FTP
Enabling Kerberized Services, OpenSSH and Kerberos
LAB TASKS: Using Kerberized Clients, Forwarding Kerberos Tickets
OpenSSH with Kerberos, Wireshark and Kerberos
Securing the Filesystem
Filesystem Mount Options
NFS Properties, NFS Export Option
NFSv4 and GSSAPI Auth
Implementing NFSv4
Implementing Kerberos with NFS
GPG – GNU Privacy Guard
File Encryption with OpenSSL, File Encryption with encfs
Linux Unified Key Setup (LUKS)
LAB TASKS: Securing Filesystems, Securing NFS
Implementing NFSv4, File Encryption with GPG
File Encryption with OpenSSL
LUKS-on-disk format Encrypted Filesystem
AIDE
Host Intrusion Detection Systems
Using RPM as a HIDS
Introduction to AIDE
AIDE installation
AIDE Policies
AIDE Usage Chapter Selection
LAB TASKS:
File Integrity Checking with RPM
File Integrity Checking with AIDE
Accountability with Kernel Audit
Accountability and Auditing
Simple Session Auditing
Simple Process Accounting and Command History
Kernel-Level Auditing
Configuring the Audit Daemon
Controlling Kernel Audit System
Creating Audit Rules
Searching Audit Logs
Generating Audit Log Reports
Audit Log Analysis
LAB TASKS: Auditing Login/Logout, Auditing File Access
Auditing Command Execution
SELinux
DAC vs. MAC, Shortcomings of Traditional Unix Security
AppArmor, SELinux Goals, SELinux Evolution
SELinux Modes, Gathering SELinux Information, SELinux Virtual Filesystem
SELinux Contexts, Managing Contexts, The SELinux Policy
Choosing an SELinux Policy, Policy Layout, Tuning and Adapting Policy
Booleans, Permissive Domains, Managing File Context Database
Managing Port Contexts, SELinux Policy Tools, Examining Policy
SELinux Troubleshooting, SELinux Troubleshooting Continued
LAB TASKS: Exploring SELinux Modes, Exploring AppArmor Modes
SELinux Contexts in Action, Exploring AppArmor
Managing SELinux Booleans, Creating Policy with audit2allow
Creating & Compiling Policy from Source
Securing Apache
Apache Overview, httpd.conf - Server Settings
Configuring CGI, Turning off Unneeded Modules
Delegating Administration
Apache Access Controls (mod_access)
HTTP User Authentication, Standard Auth Modules
HTTP Digest Authentication
Authentication via SQL, Authentication via LDAP
Authentication via Kerberos
Scrubbing HTTP Headers, Metering HTTP Bandwidth
LAB TASKS: Hardening Apache by Minimizing Loaded Modules, Scrubbing Apache & PHP Version Headers
Protecting Web Content, Using the suexec Mechanism, Create a TLS CA Key Pair, Using SSL CA Certificates with Apache
Enable Apache SSL Client Certificate Authentication, Enabling SSO in Apache with mod_auth_kerb
Securing PostgreSQL
PostgreSQL Overview, PostgreSQL Default Config
Configuring TLS, Client Authentication Basics
Advanced Authentication, Ident-based Authentication
LAB TASKS: Configure PostgreSQL
PostgreSQL with TLS
PostgreSQL with Kerberos Authentication
Securing PostgreSQL with Web Based Applications
Securing Email Systems
SMTP Implementations
Security Considerations
chrooting Postfix
Email with GSSAPI/Kerberos Auth
LAB TASKS: Postfix in a Change Root Environment
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):