Linux Security

Course:   LNXSEC
Duration:   5 Days
Level:   II
On our website at:   http://www.verhoef-training.com/courses/LNXSEC.html
 
Course Summary

This five-day course provides students with the knowledge to perform system administration tasks relating to kernel management and system security. These topics include the proc filesystem configuration, kernel rebuilds and backups as well as log file maintenance. The course moves into security issues including physical security of the host and console, user and system accounts, network and firewall security and software security. The course ends with intrusion detection techniques.

Topics Covered In This Course

THE PROC FILE SYSTEM

  • What is the proc File System?
  • Viewing System Information
  • Viewing Process Information
  • Viewing and Changing Kernel Features
  • The sysctl Command
  • The /etc/sysctl.conf File

LOADABLE KERNEL MODULES

  • What are Loadable Kernel Modules?
  • Loading LKMs
  • Displaying LKMs
  • Unloading LKMs
  • Loading Modules that have Dependencies

REBUILDING THE KERNEL

  • Kernel Source Files
  • Extract the Source Files
  • Apply the Patch Files
  • Initial Configuration Steps
  • Configure the 2.4 Kernel
  • Configure the 2.6 Kernel
  • Building the Kernel
  • Using the New Kernel
  • Building a Red Hat Enterprise Linux Kernel
  • Kernel Parameters

LOG FILE ADMINISTRATION

  • System Log Daemons
  • The /etc/syslog.conf File
  • The /etc/sysconfig/syslog File
  • Default System Log Files
  • Using logrotate to Maintain Log Files
  • Using logwatch to Monitor Log Files
  • Using redhat-logviewer to Monitor Log Files
  • Generating Messages with logger

BACKUPS

  • Backing Up Data
  • Backup Media
  • Backup Methods
  • Device Files
  • Using the dump and restore Commands
  • Using the tar Commands
  • Using the gzip Command
  • Using the zip Command
  • Using the bzip2 Command
  • Using the cpio Command
  • Additional Utilities

SECURITY OVERVIEW

  • What is Security?
  • Balance
  • Staying Up to Date
  • Documentation
  • Thinking like the Enemy
  • What is a Security Policy?
  • Step 1 - Initially Secure the System
  • Step 2 - Maintain System Security
  • Step 3 - Recovery

PHYSICAL SECURITY

  • What is Physical Security?
  • Access Protection
  • Protecting BIOS
  • Protecting the Boot Loader
  • Disabling Reboots
  • Using vlock
  • Devices
  • Natural Disasters
  • Hardware Error
  • Theft

SECURING USER ACCOUNTS

  • Account Names
  • Mail Aliases
  • The /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow Files
  • Displaying User Information
  • Users and their Passwords
  • Users with no Passwords
  • Forcing Users to Change their Password
  • Preventing Users from Changing their Password
  • Application Accounts
  • Same UID, Multiple User Accounts
  • Setting Accounts Defaults
  • Process Accounting
  • Tools

SECURING SYSTEM ACCOUNTS

  • Securing the Root Account
  • Root Password and Name
  • The root's PATH Variable
  • Physically Protecting the root Account
  • Disallowing root Access
  • Limiting Access to root via su
  • Enabling Automatic Logouts
  • Granting root Access via the sudo Command
  • Securing System Accounts

SECURING THE FILESYSTEM

  • File Permissions and Ownership
  • Disk Space Usage
  • Securing crontab and at
  • File Attributes
  • File System mount Options
  • Tools

PAM

  • What is PAM?
  • Syntax of PAM configuration files
  • PAM categories
  • PAM controls
  • PAM Modules
  • Using PAM to alter the password policy
  • Using PAM to provide resource limits
  • Using PAM to limit services
  • Using PAM to limit access time to services
  • Disabling console privileges
  • Other PAM features

TCP WRAPPERS

  • The configuration files
  • Syntax of /etc/hosts.allow and /etc/hosts.deny
  • Using tcp_wrappers banners
  • Logging tcp_wrappers connections
  • Avoiding using two configuration files
  • Using spawn and twist
  • Additional tcp_wrappers options

FIREWALLS

  • Kernel level firewalls in Linux
  • Overview of iptables
  • Overview of filtering packets
  • Filtering incoming packets on the local system
  • Filtering outgoing packets on the local system
  • Using NAT
  • Saving tables

THE XINETD SERVICE

  • The /etc/xinetd.conf File
  • The /etc/xinetd.d Directory
  • Important Attributes for xinetd-based Services
  • Additional xinetd Considerations

INTRUSION DETECTION

  • Performing the intrusion detection
  • Monitoring network activity
  • Probing for modified files
  • Third party tools

Who Should Take This Course

Linux system administrators who want to build competency with kernel builds and system security.

Recommended Prerequisites

Linux Level 2 or equivalent experience.

Related Courses

Code     Course Title                              Duration   Level
LNXADM   Enterprise Linux System Administration    5 Days     I
SECVE    Securing the Virtual Environment          3 Days     I
LNXNET   Enterprise Linux Networking Services      5 Days     II
RHLSEC   Red Hat Linux Security                    4 Days     II

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.