ENTERPRISE LINUX SERVER HARDENING Training in Clovis

Enroll in or hire us to teach our ENTERPRISE LINUX SERVER HARDENING class in Clovis, California by calling us @303.377.6176. Like all HSG classes, ENTERPRISE LINUX SERVER HARDENING may be offered either onsite or via instructor led virtual training. Consider looking at our public training schedule to see if it is scheduled: Public Training Classes
Provided there are enough attendees, ENTERPRISE LINUX SERVER HARDENING may be taught at one of our local training facilities.
We offer private customized training for groups of 3 or more attendees.

Course Description

 

Hardening of a RHEL Linux System.

Course Length: 4 Days
Course Tuition: $2290 (US)

Prerequisites

Knowledge equivalent to the "Linux Fundamentals" and "Enterprise Linux Systems Administration"

Course Outline

 
  1. SECURITY CONCEPTS
    1. Basic Security Principles
    2. RHEL7 Default Install
    3. Minimization – Discovery
    4. Service Discovery
    5. Hardening
    6. Security Concepts
    LAB TASKS
    1. Removing Packages Using RPM
    2. Firewall Configuration
    3. Process Discovery
    4. Operation of the setuid() and capset() System Calls
    5. Operation of the chroot() System Call
    6. Introduction to Troubleshooting Labs
  2. SCANNING, PROBING, AND MAPPING VULNERABILITIES
    1. The Security Environment
    2. Stealth Reconnaissance
    3. The WHOIS database
    4. Interrogating DNS
    5. Discovering Hosts
    6. Discovering Reachable Services
    7. Reconnaissance with SNMP
    8. Discovery of RPC Services
    9. Enumerating NFS Shares
    10. Nessus/OpenVAS Insecurity Scanner
    11. Configuring OpenVAS
    12. Intrusion Detection Systems
    13. Snort Rules
    14. Writing Snort Rules
    LAB TASKS
    1. NMAP
    2. OpenVAS
    3. Advanced nmap Options
  3. TRACKING SECURITY UPDATES AND SOFTWARE MAINTENANCE
    1. Security Advisories
    2. Managing Software
    3. RPM Features
    4. RPM Architecture
    5. RPM Package Files
    6. Working With RPMs
    7. Querying and Verifying with RPM
    8. Updating the Kernel RPM
    9. Dealing With RPM & Yum Digest Changes
    10. Using the Yum command
    11. Using Yum history
    12. Yum Plugins & RHN Subscription Manager
    13. YUM Repositories
    LAB TASKS
    1. Managing Software with RPM
    2. Creating a Custom RPM Repository
    3. Querying the RPM Database
    4. Using Yum
  4. MANAGE THE FILESYSTEM
    1. Partitioning Disks with fdisk & gdisk
    2. Resizing a GPT Partition with gdisk
    3. Partitioning Disks with parted
    4. Filesystem Creation
    5. Persistent Block Devices
    6. Mounting Filesystems
    7. Filesystem Maintenance
    8. Swap
    LAB TASKS
    1. Creating and Managing Filesystems
    2. Hot Adding Swap
  5. SECURING THE FILESYSTEM
    1. Configuring Disk Quotas
    2. Setting Quotas
    3. Viewing and Monitoring Quotas
    4. Filesystem Attributes
    5. Filesystem Mount Options
    6. GPG – GNU Privacy Guard
    7. File Encryption with OpenSSL
    8. File Encryption With encfs
    9. Linux Unified Key Setup (LUKS)
    LAB TASKS
    1. Setting User Quotas
    2. Securing Filesystems
    3. Securing NFS
    4. File Encryption with GPG
    5. File Encryption With OpenSSL
    6. LUKS-on-disk format Encrypted Filesystem
  6. MANAGE SPECIAL PERMISSIONS
    1. File and Directory Permissions
    2. File Creation Permissions with umask
    3. SUID and SGID on files
    4. SGID and Sticky Bit on Directories
    5. Changing File Permissions
    6. User Private Group Scheme
  7. MANAGE FILE ACCESS CONTROLS
    1. File Access Control Lists
    2. Manipulating FACLs
    3. Viewing FACLs
    4. Backing Up FACLs
    LAB TASKS
    1. Using Filesystem ACLs
  8. MONITOR FOR FILESYSTEM CHANGES
    1. Host Intrusion Detection Systems
    2. Using RPM as a HIDS
    3. Introduction to AIDE
    4. AIDE Installation
    5. AIDE Policies
    6. AIDE Usage
    LAB TASKS
    1. File Integrity Checking with RPM
    2. File Integrity Checking with AIDE
  9. MANAGE USER ACCOUNTS
    1. Approaches to Storing User Accounts
    2. User and Group Concepts
    3. User Administration
    4. Modifying Accounts
    5. Group Administration
    6. RHEL DS Client Configuration
    7. System Security Services Daemon (SSSD)
    LAB TASKS
    1. User Private Groups
  10. PASSWORD SECURITY AND PAM
    1. Unix Passwords
    2. Password Aging
    3. Auditing Passwords
    4. PAM Overview
    5. PAM Module Types
    6. PAM Order of Processing
    7. PAM Control Statements
    8. PAM Modules
    9. pam_unix
    10. pam_cracklib.so
    11. pam_env.so
    12. pam_xauth.so
    13. pam_tally2.so
    14. pam_wheel.so
    15. pam_limits.so
    16. pam_nologin.so
    17. pam_deny.so
    18. pam_warn.so
    19. pam_securetty.so
    20. pam_time.so
    21. pam_access.so
    22. pam_listfile.so
    23. pam_lastlog.so
    24. pam_console.so
    LAB TASKS
    1. John the Ripper
    2. Cracklib
    3. Using pam_listfile to Implement Arbitrary ACLs
    4. Using pam_limits to Restrict Simultaneous Logins
    5. Using pam_nologin to Restrict Logins
    6. Using pam_access to Restrict Logins
    7. su & pam
  11. USING FREEIPA FOR CENTRALIZED AUTHENTICATION
    1. What Is FreeIPA?
    2. FreeIPA Features
    3. FreeIPA Installation
    4. FreeIPA Client Installation
    5. User, Group, And Host Management
    6. User, Group, And Host Management
    7. FreeIPA Active Directory Integration
  12. LOG FILE ADMINISTRATION
    1. System Logging
    2. systemd Journal
    3. systemd Journal's journalctl
    4. Secure Logging with Journal's Log Sealing
    5. gnome-system-log
    6. Rsyslog
    7. /etc/rsyslog.conf
    8. Log Management
    9. Log Anomaly Detector
    10. Sending logs from the shell
    LAB TASKS
    1. Using the systemd Journal
    2. Setting up a Full Debug Logfile
    3. Remote Syslog Configuration
    4. Remote Rsyslog TLS Configuration
  13. ACCOUNTABILITY WITH KERNEL AUDITD
    1. Accountability and Auditing
    2. Simple Session Auditing
    3. Simple Process Accounting & Command History
    4. Kernel-Level Auditing
    5. Configuring the Audit Daemon
    6. Controlling Kernel Audit System
    7. Creating Audit Rules
    8. Searching Audit Logs
    9. Generating Audit Log Reports
    10. Audit Log Analysis
    LAB TASKS
    1. Auditing Login/Logout
    2. Auditing File Access
    3. Auditing Command Execution
  14. SECURING SERVICES
    1. Xinetd
    2. Xinetd Connection Limiting and Access Control
    3. Xinetd: Resource limits, redirection, logging
    4. TCP Wrappers
    5. The /etc/hosts.allow & /etc/hosts.deny Files
    6. /etc/hosts.{allow,deny} Shortcuts
    7. Advanced TCP Wrappers
    8. FirewallD
    9. Netfilter: Stateful Packet Filter Firewall
    10. Netfilter Concepts
    11. Using the iptables Command
    12. Netfilter Rule Syntax
    13. Targets
    14. Common match_specs
    15. Connection Tracking
    LAB TASKS
    1. Securing xinetd Services
    2. Enforcing Security Policy with xinetd
    3. Securing Services with TCP Wrappers
    4. Securing Services with Netfilter
    5. FirewallD
    6. Troubleshooting Practice
  15. SELINUX
    1. DAC vs. MAC
    2. Shortcomings of Traditional Unix Security
    3. SELinux Goals
    4. SELinux Evolution
    5. SELinux Modes
    6. Gathering SELinux Information
    7. SELinux Virtual Filesystem
    8. SELinux Contexts
    9. Managing Contexts
    10. The SELinux Policy
    11. Choosing an SELinux Policy
    12. Policy Layout
    13. Tuning and Adapting Policy
    14. Booleans
    15. Permissive Domains
    16. Managing File Context Database
    17. Managing Port Contexts
    18. SELinux Policy Tools
    19. Examining Policy
    20. SELinux Troubleshooting
    21. SELinux Troubleshooting Continued
    LAB TASKS
    1. Exploring SELinux Modes
    2. SELinux File Contexts
    3. SELinux Contexts in Action
    4. Managing SELinux Booleans
    5. Creating Policy with Audit2allow
    6. Creating & Compiling Policy from Source

Linux Unix Uses & Stats

Linux Unix is Used For:
Desktop Mainframe Computers Mobile Devices Embedded Devices
Difficulty
Popularity
Year Created
1991/1971
Pros
Performance:
Linux supports many efficient tools and operates them seamlessly. Because it's architecture is lightweight it runs faster than both Windows 8.1 and 10. 
 
Security:
Because Linux is an open-source software,  anyone can contribute code to help enhance the users’ experience i.e., adding features, fixing bugs, reducing security risks, and more.
 
 
Software Development:
The terminal in Linux is a *wild card*. You can do almost anything with it. This includes software installation, application and server configurations, file system management, and etc.
 
Large-scale:
Open-source projects benefit from having an attentive community. As a result, Linux is more secure than Windows. Instead of installing anti viruses to clean malware, you just have to stick to the recommended repositories. 
 
Efficient: 
Developers have the convenience of running servers, training machine learning models, accessing remote machines, and compiling and running scripts from the same terminal window. 
 
Free: 
Linux is free (you can put it on as many systems as you like) and you can change it to suit your needs.
Cons
Learning Curve: 
Linux is not for everyone, there is a learning curve in switching to Ubuntu. To actually learn Linux efficiently would take a user one to several years.
 
No Tech Support:
Unlike Windows, there isn’t a dedicated tech support, so getting help for things is up to you. 
 
Designer Compatabilty:
Linux is not as user friendly as Windows or as ‘straight out of the box design’ As an example for design choices, Adobe hasn’t released any of its products to Linux users. So it’s impossible to run them directly. The Ubuntu alternative is a free software called GIMP. 
 
Gaming Capabilities: 
Most games aren’t available in Linux. But that’s not to say you can’t make it happen, it's just not as easy.   
Linux Unix Job Market
Average Salary
$85k-$105k
Job Count
n/a
Top Job Locations

New York City
Boston
San Francisco 

Complimentary Skills to have along with Linux Unix
The following are types of jobs that may require Linux skills.  The top 15 job titles on Dice.com that mention Linux in their postings are:
- DevOps Engineer
- Software Engineer
- Java Developer
- Systems Engineer
- Systems Administrator
- Senior Software Engineer
- Network Engineer
- Python Developer
- Linux Systems Administrator
- Software Developer
- System Administrator
- Linux Administrator
- Linux Engineer
- Senior Java Developer
- C++ Developer

Interesting Reads Take a class with us and receive a book of your choosing for 50% off MSRP.