Linux Security Administration


Course Number: LNX-108

Duration: 5 days (32.5 hours)

Format: Live, hands-on

Linux Security Training Overview

Accelebrate's Linux Security Administration course teaches students to secure machines running the Linux operating system. Attendees learn a broad range of general security techniques such as packet filtering, password policies, and file integrity checking, as well as advanced security technologies such as Kerberos and SELinux.

NOTE: This class can be taught using the Linux distribution of your choice.

Location and Pricing

Accelebrate offers instructor-led enterprise training for groups of 3 or more online or at your site. Most Accelebrate classes can be flexibly scheduled for your group, including delivery in half-day segments across a week or set of weeks. To receive a customized proposal and price quote for private corporate training on-site or online, please contact us.

In addition, some Programming courses are available as live, online classes for individuals.

Objectives

  • Have an excellent understanding of potential security vulnerabilities 
  • Audit existing machines
  • Deploy new network services securely

Prerequisites

Students should be experienced systems administrators with current Linux or Unix systems.

Outline

Expand All | Collapse All

Introduction
  • Security Concepts
  • Basic Security Principles
  • RHEL6 Default Install
  • RHEL6 Firewall
  • SLES11 Default Install
  • SLES11 Firewall
  • SLES11: File Security
  • Minimization - Discovery
  • Service Discovery
  • Hardening
  • Security Concepts
Scanning, Probing, and Mapping Vulnerabilities
  • The Security Environment
  • Stealth Reconnaissance
  • The WHOIS database
  • Interrogating DNS
  • Discovering Hosts
  • Discovering Reachable Services
  • Reconnaissance with SNMP
  • Discovery of RPC Services
  • Enumerating NFS Shares
  • Nessus Insecurity Scanner
  • Configuring OpenVAS
Password Security and PAM
  • UNIX Passwords
  • Password Aging
  • Auditing Passwords
  • PAM Overview
  • PAM Module Types
  • PAM Order of Processing
  • PAM Control Statements
  • PAM Modules
Secure Network Time Protocol (NTP)
  • The Importance of Time
  • Hardware and System Clock
  • Time Measurements
  • NTP Terms and Definitions
  • Synchronization Methods
  • NTP Evolution
  • Time Server Hierarchy
  • Operational Modes
  • NTP Clients
  • Configuring NTP Clients
  • Enterprise Linux Security
  • Administration
  • Enterprise Linux Security Administration
  • Configuring NTP Servers
  • Securing NTP
  • NTP Packet Integrity
  • Useful NTP Commands
Kerberos Concepts and Components
  • Common Security Problems
  • Account Proliferation
  • The Kerberos Solution
  • Kerberos History
  • Kerberos Implementations
  • Kerberos Concepts
  • Kerberos Principals
  • Kerberos Safeguards
  • Kerberos Components
  • Authentication Process
  • Identification Types
  • Logging In
  • Gaining Privileges
  • Using Privileges
  • Kerberos Components and the KDC
  • Kerberized Services Review
  • Kerberized Clients
  • KDC Server Daemons
  • Configuration Files
  • Utilities Overview
Implementing Kerberos
  • Plan Topology and Implementation
  • Kerberos 5 Client Software
  • Kerberos 5 Server Software
  • Synchronize Clocks
  • Create Master KDC
  • Configuring the Master KDC
  • KDC Logging
  • Kerberos Realm Defaults
  • Specifying [realms]
  • Specifying [domain_realm]
  • Allow Administrative Access
  • Create KDC Databases
  • Create Administrators
  • Install Keys for Services
  • Start Services
  • Add Host Principals
  • Add Common Service Principals
  • Configure Slave KDCs
  • Create Principals for Slaves
  • Define Slaves as KDCs
  • Copy Configuration to Slaves
  • Install Principals on Slaves
  • Create Stash on Slaves
  • Start Slave Daemons
  • Client Configuration
  • Install krb5.conf on Clients
  • Client PAM Configuration
  • Install Client Host Keys
Administering and using
  • Kerberos
  • Administrative Tasks
  • Key Tables
  • Managing Keytabs
  • Managing Principals
  • Viewing Principals
  • Adding, Deleting, and Modifying
  • Principals
  • Principal Policy
  • Overall Goals for Users
  • Signing In to Kerberos
  • Ticket types
  • Viewing Tickets
  • Removing Tickets
  • Passwords
  • Changing Passwords
  • Giving Others Access
  • Using Kerberized Services
  • Kerberized FTP
  • Enabling Kerberized Services
  • OpenSSH and Kerberos
Securing the Filesystem
  • Filesystem Mount Options
  • NFS Properties
  • NFS Export Option
  • NFSv4 and GSSAPI Auth
  • Implementing NFSv4
  • Implementing Kerberos with
  • NFS
  • GPG - GNU Privacy Guard
  • File Encryption with OpenSSL
  • File Encryption with encfs
  • Linux Unified Key Setup
  • (LUKS)
AIDE
  • Host Intrusion Detection Systems
  • Using RPM as a HIDS
  • Enterprise Linux Security Administration
  • Introduction to AIDE
  • AIDE Installation
  • AIDE Policies
  • AIDE Usage Chapter Section
Accountability with Kernel Audit
  • Accountability and Auditing
  • Simple Session Auditing
  • Simple Process Accounting & Command History
  • Kernel-Level Auditing
  • Configuring the Audit Daemon
  • Controlling Kernel Audit System
  • Creating Audit Rules
  • Searching Audit Logs
  • Generating Audit Log Reports
  • Audit Log Analysis
SELinux
  • DAC vs. MAC
  • Shortcomings of Traditional Unix Security
  • AppArmor
  • SELinux Goals
  • SELinux Evolution
  • SELinux Modes
  • Gathering Information
  • SELinux Virtual File System
  • SELinux Contexts
  • Managing Contexts
  • The SELinux Policy
  • Choosing an SELinux Policy
  • Policy Layout
  • Tuning and Adapting Policy
  • Booleans
  • Permissive Domains
  • Managing File Contexts
  • Managing Port Contexts
  • SELinux Policy Tools
  • Examining Policy
  • SELinux Troubleshooting
Securing Apache
  • Apache Overview
  • httpd.conf - Server Settings
  • Configuring CGI
  • Turning Off Unneeded Modules
  • Delegating Administration
  • Apache Access Controls (mod_access)
  • HTTP User Authentication
  • Standard Auth Modules
  • HTTP Digest Authentication
  • Authentication via SQL
  • Authentication via LDAP
  • Authentication via Kerberos
  • Scrubbing HTTP Headers
  • Metering HTTP Band
Securing PostgreSQL
  • PostgreSQL Overview
  • PostgreSQL Default Config
  • Configuring SSL
  • Client Authentication Basics
  • Advanced Authentication
  • Ident-based Authentication
Conclusion

Training Materials:

All attendees receive comprehensive courseware.

Software Requirements:

Attendees will not need to install any software on their computer for this class. The class will be conducted in a remote environment that Accelebrate will provide; students will only need a local computer with a web browser with a stable Internet connection. Any recent version of Microsoft Edge, Mozilla Firefox, or Google Chrome will be fine.



Learn faster

Our live, instructor-led lectures are far more effective than pre-recorded classes

Satisfaction guarantee

If your team is not 100% satisfied with your training, we do what's necessary to make it right

Learn online from anywhere

Whether you are at home or in the office, we make learning interactive and engaging

Multiple Payment Options

We accept check, ACH/EFT, major credit cards, and most purchase orders



Recent Training Locations

Alabama

Birmingham

Huntsville

Montgomery

Alaska

Anchorage

Arizona

Phoenix

Tucson

Arkansas

Fayetteville

Little Rock

California

Los Angeles

Oakland

Orange County

Sacramento

San Diego

San Francisco

San Jose

Colorado

Boulder

Colorado Springs

Denver

Connecticut

Hartford

DC

Washington

Florida

Fort Lauderdale

Jacksonville

Miami

Orlando

Tampa

Georgia

Atlanta

Augusta

Savannah

Hawaii

Honolulu

Idaho

Boise

Illinois

Chicago

Indiana

Indianapolis

Iowa

Cedar Rapids

Des Moines

Kansas

Wichita

Kentucky

Lexington

Louisville

Louisiana

New Orleans

Maine

Portland

Maryland

Annapolis

Baltimore

Frederick

Hagerstown

Massachusetts

Boston

Cambridge

Springfield

Michigan

Ann Arbor

Detroit

Grand Rapids

Minnesota

Minneapolis

Saint Paul

Mississippi

Jackson

Missouri

Kansas City

St. Louis

Nebraska

Lincoln

Omaha

Nevada

Las Vegas

Reno

New Jersey

Princeton

New Mexico

Albuquerque

New York

Albany

Buffalo

New York City

White Plains

North Carolina

Charlotte

Durham

Raleigh

Ohio

Akron

Canton

Cincinnati

Cleveland

Columbus

Dayton

Oklahoma

Oklahoma City

Tulsa

Oregon

Portland

Pennsylvania

Philadelphia

Pittsburgh

Rhode Island

Providence

South Carolina

Charleston

Columbia

Greenville

Tennessee

Knoxville

Memphis

Nashville

Texas

Austin

Dallas

El Paso

Houston

San Antonio

Utah

Salt Lake City

Virginia

Alexandria

Arlington

Norfolk

Richmond

Washington

Seattle

Tacoma

West Virginia

Charleston

Wisconsin

Madison

Milwaukee

Alberta

Calgary

Edmonton

British Columbia

Vancouver

Manitoba

Winnipeg

Nova Scotia

Halifax

Ontario

Ottawa

Toronto

Quebec

Montreal

Puerto Rico

San Juan