Linux Level 3 - Linux Security Training

Answers to Popular Questions:

 
Yes, this class can be tailored to meet your specific training needs.
Yes, we provide Linux/Unix consulting services.
Yes, group discounts are provided.

Course Description

 
This five-day course provides students with the knowledge to perform system administration tasks relating to kernel management and system security. Topics include proc filesystem configuration, kernel rebuilds, backups, and log file maintenance. The course then moves into security issues, including physical security of the host and console, user and system accounts, network and firewall security, and software security. The course ends with intrusion detection techniques.
Course Length: 5 Days
Course Tuition: $2090 (US)

Prerequisites

Linux Level 2 or equivalent experience.

Course Outline

 

The proc File System
What is the proc File System?
Viewing System Information
Viewing Process Information
Viewing and Changing Kernel Features
The sysctl Command
The /etc/sysctl.conf File

Loadable Kernel Modules
What are Loadable Kernel Modules?
Loading LKMs
Displaying LKMs
Unloading LKMs
Loading Modules that have Dependencies

Rebuilding the Kernel
Kernel Source Files
Extract the Source Files
Apply the Patch Files
Initial Configuration Steps
Configure the 2.4 Kernel
Configure the 2.6 Kernel
Building the Kernel
Using the New Kernel
Building a Red Hat Enterprise Linux Kernel
Kernel Parameters

Log File Administration
System Log Daemons
The /etc/syslog.conf File
The /etc/sysconfig/syslog File
Default System Log Files
Using logrotate to Maintain Log Files
Using logwatch to Monitor Log Files
Using redhat-logviewer to Monitor Log Files
Generating Messages with logger

Backups
Backing Up Data
Backup Media
Backup Methods
Device Files
Using the dump and restore Commands
Using the tar Commands
Using the gzip Command
Using the zip Command
Using the bzip2 Command
Using the cpio Command
Additional Utilities

Security Overview
What is Security?
Balance
Staying Up to Date
Documentation
Thinking like the Enemy
What is a Security Policy?
Step 1 - Initially Secure the System
Step 2 - Maintain System Security
Step 3 - Recovery

Physical Security
What is Physical Security?
Access Protection
Protecting BIOS
Protecting the Boot Loader
Disabling Reboots
Using vlock
Devices
Natural Disasters
Hardware Error
Theft

Securing User Accounts
Account Names
Mail Aliases
The /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow Files
Displaying User Information
Users and their Passwords
Users with no Passwords
Forcing Users to Change their Password
Preventing Users from Changing their Password
Application Accounts
Same UID, Multiple User Accounts
Setting Accounts Defaults
Process Accounting
Tools
 
Securing System Accounts
Securing the Root Account
Root Password and Name
The root's PATH Variable
Physically Protecting the root Account
Disallowing root Access
Limiting Access to root via su
Enabling Automatic Logouts
Granting root Access via the sudo Command
Securing System Accounts

Securing The Filesystem
File Permissions and Ownership
Disk Space Usage
Securing crontab and at
File Attributes
File System mount Options
Tools

PAM
What is PAM?
Syntax of PAM configuration files
PAM categories
PAM controls
PAM Modules
Using PAM to alter the password policy
Using PAM to provide resource limits
Using PAM to limit services
Using PAM to limit access time to services
Disabling console privileges
Other PAM features

TCP Wrappers
The configuration files
Syntax of /etc/hosts.allow and /etc/hosts.deny
Using tcp_wrappers banners
Logging tcp_wrappers connections
Avoiding using two configuration files
Using spawn and twist
Additional tcp_wrappers options

Firewalls
Kernel level firewalls in Linux
Overview of iptables
Overview of filtering packets
Filtering incoming packets on the local system
Filtering outgoing packets on the local system
Using NAT
Saving tables

The xinetd Service
The /etc/xinetd.conf File
The /etc/xinetd.d Directory
Important Attributes for xinetd-based Services
Additional xinetd Considerations

Intrusion Detection
Performing the intrusion detection
Monitoring network activity
Probing for modified files
Third party tools

Appendix A - Preparing for Certification Exams

Appendix B - Preparing for RHCE and RHCT Exams

Appendix C - Preparing for the LPI Exams

Appendix D - Preparing for the Linux+ Exam
