Enterprise Linux Security Administration

LNX-122 (5 Days)

Request Pricing

Linux Security Training Overview

This Enterprise Linux Security Administration training course teaches attendees how to properly secure machines running the Linux operating system. Students gain an excellent understanding of potential security vulnerabilities and learn a broad range of general hardening techniques.

Location and Pricing

Most Accelebrate courses are taught as private, customized training for 3 or more attendees at our clients' sites worldwide. In addition, we offer live, private online classes for teams who may be in multiple locations or wish to save on travel costs. Please visit our client list for organizations for whom we have delivered onsite training. To receive a customized proposal and price quote for private on-site or online training, please contact us.

Linux Security Training Objectives

All students will learn:

  • Gain an excellent understanding of potential security vulnerabilities
  • Packet filtering, password policies, and file integrity checking
  • How to audit existing machines and
  • How to securely deploy new network services.
  • How to use advanced security technologies such as Kerberos and SELinux

Linux Security Training Outline

Expand All | Collapse All | Printer-Friendly

introduction
Security Concepts
  • Basic Security Principles
  • RHEL7 Default Install
  • RHEL7 Firewall
  • SLES12 Default Install
  • SUSE Basic Firewall Configuration
  • SLES12: File Security
  • Minimization – Discovery
  • Service Discovery
  • Hardening
  • Security Concepts
Scanning, Probing, and Mapping Vulnerabilities
  • The Security Environment
  • Stealth Reconnaissance
  • The WHOIS database
  • Interrogating DNS
  • Discovering Hosts
  • Discovering Reachable Services
  • Reconnaissance with SNMP
  • Discovery of RPC Services
  • Enumerating NFS Shares
  • Nessus/OpenVAS Insecurity Scanner
  • Configuring OpenVAS
  • Intrusion Detection Systems
  • Snort Rules
  • Writing Snort Rules
Password Security and PAM
  • Unix Passwords
  • Password Aging
  • Auditing Passwords
  • PAM Overview
  • PAM Module Types
  • PAM Order of Processing
  • PAM Control Statements
  • PAM Modules
  • pam_unix
  • pam_cracklib.so
  • pam_pwcheck.so
  • pam_env.so
  • pam_xauth.so
  • pam_tally2.so
  • pam_wheel.so
  • pam_limits.so
  • pam_nologin.so
  • pam_deny.so
  • pam_warn.so
  • pam_securetty.so
  • pam_time.so
  • pam_access.so
  • pam_listfile.so
  • pam_lastlog.so
  • pam_console.so
Secure Network Time Protocol (NTP)
  • The Importance of Time
  • Hardware and System Clock
  • Time Measurements
  • NTP Terms and Definitions
  • Synchronization Methods
  • NTP Evolution
  • Time Server Hierarchy
  • Operational Modes
  • NTP Clients
  • Configuring NTP Clients
  • Configuring NTP Servers
  • Securing NTP
  • NTP Packet Integrity
  • Useful NTP Commands
Kerberos Concepts and Components
  • Common Security Problems
  • Account Proliferation
  • The Kerberos Solution
  • Kerberos History
  • Kerberos Implementations
  • Kerberos Concepts
  • Kerberos Principals
  • Kerberos Safeguards
  • Kerberos Components
  • Authentication Process
  • Identification Types
  • Logging In
  • Gaining Privileges
  • Using Privileges
  • Kerberos Components and the KDC
  • Kerberized Services Review
  • KDC Server Daemons
  • Configuration Files
  • Utilities Overview
Implementing Kerberos
  • Plan Topology and Implementation
  • Kerberos 5 Client Software
  • Kerberos 5 Server Software
  • Synchronize Clocks
  • Create Master KDC
  • Configuring the Master KDC
  • KDC Logging
  • Kerberos Realm Defaults
  • Specifying [realms]
  • Specifying [domain_realm]
  • Allow Administrative Access
  • Create KDC Databases
  • Create Administrators
  • Install Keys for Services
  • Start Services
  • Add Host Principals
  • Add Common Service Principals
  • Configure Slave KDCs
  • Create Principals for Slaves
  • Define Slaves as KDCs
  • Copy Configuration to Slaves
  • Install Principals on Slaves
  • Synchronization of Database
  • Propagate Data to Slaves
  • Create Stash on Slaves
  • Start Slave Daemons
  • Client Configuration
  • Install krb5.conf on Clients
  • Client PAM Configuration
  • Install Client Host Keys
Administering and Using Kerberos
  • Administrative Tasks
  • Key Tables
  • Managing Keytabs
  • Managing Principals
  • Viewing Principals
  • Adding, Deleting, and Modifying Principals
  • Principal Policy
  • Overall Goals for Users
  • Signing Into Kerberos
  • Ticket types
  • Viewing Tickets
  • Removing Tickets
  • Passwords
  • Changing Passwords
  • Giving Others Access
  • Using Kerberized Services
  • Kerberized FTP
  • Enabling Kerberized Services
  • OpenSSH and Kerberos
Securing the Filesystem
  • Filesystem Mount Options
  • NFS Properties
  • NFS Export Option
  • NFSv4 and GSSAPI Auth
  • Implementing NFSv4
  • Implementing Kerberos with NFS
  • GPG – GNU Privacy Guard
  • File Encryption with OpenSSL
  • File Encryption With encfs
  • Linux Unified Key Setup (LUKS)
Aide
  • Host Intrusion Detection Systems
  • Using RPM as a HIDS
  • Introduction to AIDE
  • AIDE Installation
  • AIDE Policies
  • AIDE Usage
Accountability with Kernel Auditd
  • Accountability and Auditing
  • Simple Session Auditing
  • Simple Process Accounting & Command History
  • Kernel-Level Auditing
  • Configuring the Audit Daemon
  • Controlling Kernel Audit System
  • Creating Audit Rules
  • Searching Audit Logs
  • Generating Audit Log Reports
  • Audit Log Analysis
Selinux
  • DAC vs. MAC
  • Shortcomings of Traditional Unix Security
  • AppArmor
  • SELinux Goals
  • SELinux Evolution
  • SELinux Modes
  • Gathering SELinux Information
  • SELinux Virtual Filesystem
  • SELinux Contexts
  • Managing Contexts
  • The SELinux Policy
  • Choosing an SELinux Policy
  • Policy Layout
  • Tuning and Adapting Policy
  • Booleans
  • Permissive Domains
  • Managing File Context Database
  • Managing Port Contexts
  • SELinux Policy Tools
  • Examining Policy
  • SELinux Troubleshooting
  • SELinux Troubleshooting Continued
Securing Apache
  • Apache Overview
  • httpd.conf – Server Settings
  • Configuring CGI
  • Turning Off Unneeded Modules
  • Delegating Administration
  • Apache Access Controls (mod_access)
  • HTTP User Authentication
  • Standard Auth Modules
  • HTTP Digest Authentication
  • TLS Using mod_ssl.so
  • Authentication via SQL
  • Authentication via LDAP
  • Authentication via Kerberos
  • Scrubbing HTTP Headers
  • Metering HTTP Bandwidth
Securing PostgreSQL
  • PostgreSQL Overview
  • PostgreSQL Default Config
  • Configuring TLS
  • Client Authentication Basics
  • Advanced Authentication
  • Ident-based Authentication
Securing Email Systems
  • SMTP Implementations
  • Security Considerations
  • chrooting Postfix
  • Email with GSSAPI/Kerberos Auth
Conclusion
Request Pricing

Lecture percentage

50%

Lecture/Demo

Lab percentage

50%

Lab

Course Number:

LNX-122

Duration:

5 Days

Prerequisites:

This class covers advanced security topics and is intended for experienced systems administrators. Candidates should have current Linux or UNIX systems administration experience equivalent to Accelebrate’s Linux Fundamentals, Enterprise Linux Systems Administration, and Enterprise Linux Network Services courses.

Training Materials:

All Linux training attendees receive comprehensive courseware and a related textbook.

Software Requirements:

  • Windows, Mac, or Linux PCs with at least 8 GB RAM
  • Accelebrate can provide a VirtualBox or VMware environment with all software needed for the class
    • This class can be taught using the Linux distribution of your choice
  • Please contact us for further setup details

Contact Us:

Accelebrate’s training classes are available for private groups of 3 or more people at your site or online anywhere worldwide.

Don't settle for a "one size fits all" public class! Have Accelebrate deliver exactly the training you want, privately at your site or online, for less than the cost of a public class.

For pricing and to learn more, please contact us.

Contact Us Train For Us

Toll-free in US/Canada:
877 849 1850
International:
+1 678 648 3113

Toll-free in US/Canada:
866 566 1228
International:
+1 404 420 2491

925B Peachtree Street, NE
PMB 378
Atlanta, GA 30309-3918
USA

Subscribe to our Newsletter:

Never miss the latest news and information from Accelebrate:

Microsoft Gold Partner

Please see our complete list of
Microsoft Official Courses

Recent Training Locations

Alabama

Huntsville

Montgomery

Birmingham

Alaska

Anchorage

Arizona

Phoenix

Tucson

Arkansas

Fayetteville

Little Rock

California

San Francisco

Oakland

San Jose

Orange County

Los Angeles

Sacramento

San Diego

Colorado

Denver

Boulder

Colorado Springs

Connecticut

Hartford

DC

Washington

Florida

Fort Lauderdale

Miami

Jacksonville

Orlando

Saint Petersburg

Tampa

Georgia

Atlanta

Augusta

Savannah

Idaho

Boise

Illinois

Chicago

Indiana

Indianapolis

Iowa

Ceder Rapids

Des Moines

Kansas

Wichita

Kentucky

Lexington

Louisville

Louisiana

Baton Rouge

New Orleans

Maine

Portland

Maryland

Annapolis

Baltimore

Hagerstown

Frederick

Massachusetts

Springfield

Boston

Cambridge

Michigan

Ann Arbor

Detroit

Grand Rapids

Minnesota

Saint Paul

Minneapolis

Mississippi

Jackson

Missouri

Kansas City

St. Louis

Nebraska

Lincoln

Omaha

Nevada

Reno

Las Vegas

New Jersey

Princeton

New Mexico

Albuquerque

New York

Buffalo

Albany

White Plains

New York City

North Carolina

Charlotte

Durham

Raleigh

Ohio

Canton

Akron

Cincinnati

Cleveland

Columbus

Dayton

Oklahoma

Tulsa

Oklahoma City

Oregon

Portland

Pennsylvania

Pittsburgh

Philadelphia

Rhode Island

Providence

South Carolina

Columbia

Charleston

Spartanburg

Greenville

Tennessee

Memphis

Nashville

Knoxville

Texas

Dallas

El Paso

Houston

San Antonio

Austin

Utah

Salt Lake City

Virginia

Richmond

Alexandria

Arlington

Washington

Tacoma

Seattle

West Virginia

Charleston

Wisconsin

Madison

Milwaukee

Alberta

Edmonton

Calgary

British Columbia

Vancouver

Nova Scotia

Halifax

Ontario

Ottawa

Toronto

Quebec

Montreal

Puerto Rico

San Juan

© 2013-2019 Accelebrate, Inc. All Rights Reserved. All trademarks are owned by their respective owners.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.