Duration
Four days
Outline for Enterprise Linux Server Hardening Training
Chapter 1. SECURITY CONCEPTS
Basic Security Principles
RHEL7 Default Install
Minimization – Discovery
Service Discovery
Hardening
Security Concepts
LAB TASKS
Removing Packages Using RPM
Firewall Configuration
Process Discovery
Operation of the setuid() and capset() System Calls
Operation of the chroot() System Call
Introduction to Troubleshooting Labs
Chapter 2. SCANNING, PROBING, AND MAPPING VULNERABILITIES
The Security Environment
Stealth Reconnaissance
The WHOIS database
Interrogating DNS
Discovering Hosts
Discovering Reachable Services
Reconnaissance with SNMP
Discovery of RPC Services
Enumerating NFS Shares
Nessus/OpenVAS Insecurity Scanner
Configuring OpenVAS
Intrusion Detection Systems
Snort Rules
Writing Snort Rules
LAB TASKS
NMAP
OpenVAS
Advanced nmap Options
Chapter 3. TRACKING SECURITY UPDATES AND SOFTWARE MAINTENANCE
Security Advisories
Managing Software
RPM Features
RPM Architecture
RPM Package Files
Working With RPMs
Querying and Verifying with RPM
Updating the Kernel RPM
Dealing With RPM & Yum Digest Changes
Using the Yum command
Using Yum history
Yum Plugins & RHN Subscription Manager
Yum Version Lock Plugin
Yum Repositories
LAB TASKS
Managing Software with RPM
Creating a Custom RPM Repository
Querying the RPM Database
Using Yum
Chapter 4. MANAGE THE FILESYSTEM
Partitioning Disks with fdisk & gdisk
Resizing a GPT Partition with gdisk
Partitioning Disks with parted
Non-Interactive Disk Partitioning with sfdisk
Filesystem Creation
Persistent Block Devices
Mounting Filesystems
Filesystem Maintenance
Swap
LAB TASKS
Creating and Managing Filesystems
Hot Adding Swap
Chapter 5. SECURING THE FILESYSTEM
Configuring Disk Quotas
Setting Quotas
Viewing and Monitoring Quotas
Filesystem Attributes
Filesystem Mount Options
GPG – GNU Privacy Guard
File Encryption with OpenSSL
File Encryption With encfs
Linux Unified Key Setup (LUKS)
LAB TASKS
Setting User Quotas
Securing Filesystems
Securing NFS
File Encryption with GPG
File Encryption With OpenSSL
LUKS On-Disk Format Encrypted Filesystem
Chapter 6. MANAGE SPECIAL PERMISSIONS
File and Directory Permissions
File Creation Permissions with umask
SUID and SGID on files
SGID and Sticky Bit on Directories
Changing File Permissions
User Private Group Scheme
Chapter 7. MANAGE FILE ACCESS CONTROLS
File Access Control Lists
Manipulating FACLs
Viewing FACLs
Backing Up FACLs
LAB TASKS
Using Filesystem ACLs
Chapter 8. MONITOR FOR FILESYSTEM CHANGES
Host Intrusion Detection Systems
Using RPM as a HIDS
Introduction to AIDE
AIDE Installation
AIDE Policies
AIDE Usage
LAB TASKS
File Integrity Checking with RPM
File Integrity Checking with AIDE
Chapter 9. MANAGE USER ACCOUNTS
Approaches to Storing User Accounts
User and Group Concepts
User Administration
Modifying Accounts
Group Administration
RHEL DS Client Configuration
System Security Services Daemon (SSSD)
LAB TASKS
User Private Groups
Chapter 10. PASSWORD SECURITY AND PAM
Unix Passwords
Password Aging
Auditing Passwords
PAM Overview
PAM Module Types
PAM Order of Processing
PAM Control Statements
PAM Modules
pam_unix
pam_cracklib.so
pam_env.so
pam_xauth.so
pam_tally2.so
pam_wheel.so
pam_limits.so
pam_nologin.so
pam_deny.so
pam_warn.so
pam_securetty.so
pam_time.so
pam_access.so
pam_listfile.so
pam_lastlog.so
pam_console.so
LAB TASKS
John the Ripper
Cracklib
Using pam_listfile to Implement Arbitrary ACLs
Using pam_limits to Restrict Simultaneous Logins
Using pam_nologin to Restrict Logins
Using pam_access to Restrict Logins
su & pam
Chapter 11. USING FREEIPA FOR CENTRALIZED AUTHENTICATION
What Is FreeIPA?
FreeIPA Features
FreeIPA Installation
FreeIPA Client Installation
User, Group, And Host Management
FreeIPA Active Directory Integration
Chapter 12. LOG FILE ADMINISTRATION
System Logging
systemd Journal
systemd Journal's journalctl
Secure Logging with Journal's Log Sealing
gnome-system-log
Rsyslog
/etc/rsyslog.conf
Log Management
Log Anomaly Detector
Sending Logs from the Shell
LAB TASKS
Using the systemd Journal
Setting up a Full Debug Logfile
Remote Syslog Configuration
Remote Rsyslog TLS Configuration
Chapter 13. ACCOUNTABILITY WITH KERNEL AUDITD
Accountability and Auditing
Simple Session Auditing
Simple Process Accounting & Command History
Kernel-Level Auditing
Configuring the Audit Daemon
Controlling Kernel Audit System
Creating Audit Rules
Searching Audit Logs
Generating Audit Log Reports
Audit Log Analysis
LAB TASKS
Auditing Login/Logout
Auditing File Access
Auditing Command Execution
Chapter 14. SECURING SERVICES
Xinetd
Xinetd Connection Limiting and Access Control
Xinetd: Resource limits, redirection, logging
TCP Wrappers
The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow,deny} Shortcuts
Advanced TCP Wrappers
FirewallD
Netfilter: Stateful Packet Filter Firewall
Netfilter Concepts
Using the iptables Command
Netfilter Rule Syntax
Targets
Common match_specs
Extended Packet Matching Modules
Connection Tracking
LAB TASKS
Securing xinetd Services
Enforcing Security Policy with xinetd
Securing Services with TCP Wrappers
Securing Services with Netfilter
FirewallD
Troubleshooting Practice
Chapter 15. SELINUX
DAC vs. MAC
Shortcomings of Traditional Unix Security
SELinux Goals
SELinux Evolution
SELinux Modes
Gathering SELinux Information
SELinux Virtual Filesystem
SELinux Contexts
Managing Contexts
The SELinux Policy
Choosing an SELinux Policy
Policy Layout
Tuning and Adapting Policy
Booleans
Permissive Domains
Managing File Context Database
Managing Port Contexts
SELinux Policy Tools
Examining Policy
SELinux Troubleshooting
SELinux Troubleshooting Continued
LAB TASKS
Exploring SELinux Modes
SELinux File Contexts
SELinux Contexts in Action
Managing SELinux Booleans
Creating Policy with Audit2allow
Creating & Compiling Policy from Source