Enterprise Linux Security Administration Training in Richmond

Enroll in or hire us to teach our Enterprise Linux Security Administration class in Richmond, Virginia by calling us @303.377.6176. Like all HSG classes, Enterprise Linux Security Administration may be offered either onsite or via instructor led virtual training. Consider looking at our public training schedule to see if it is scheduled: Public Training Classes
Provided there are enough attendees, Enterprise Linux Security Administration may be taught at one of our local training facilities.

Answers to Popular Questions:

Yes, this class can be tailored to meet your specific training needs.
Yes, we provide Linux Unix consulting services.
Yes, group discounts are provided.

Course Description

This highly technical course focuses on properly securing machines running the Linux operating systems. A broad range of general security techniques such as packet filtering, password policies, and file integrity checking are covered. Advanced security tec hnologies such as Kerberos and SELinux are taught. Special attention is given to securing commonly deployed network services. At the end of the course, students have an excellent understanding of the potential security vulnerabilities-know how to audit existing machines, and how to securely deploy new network services.
Course Length: 5 Days
Course Tuition: $2090 (US)


E xperienced systems administrators with current Linux or UNIX systems

Course Outline


1. Security Concepts
Basic Security Principles
RHEL6 Default Install
RHEL6 Firewall
SLES11 Default Install
SLES11 Firewall
SLES11: File Security
Service Discovery
Security Concepts

2. Scanning, Probing, and Mapping Vulnerabilities
The Security Environment
Stealth Reconnaissance
The WHOIS database
Interrogating DNS
Discovering Hosts
Discovering Reachable Services
Reconnaissance with SNMP
Discovery of RPC Services
Enumerating NFS Shares
Nessus Insecurity Scanner
Configuring OpenVAS

3. Password Security and PAM
UNIX Passwords
Password Aging
Auditing Passwords
PAM Overview
PAM Module Types
PAM Order of Processing
PAM Control Statements
PAM Modules

4. Secure Network Time Protocol (NTP)
The Importance of Time
Hardware and System Clock
Time Measurements
NTP Terms and Definitions
Synchronization Methods
NTP Evolution
Time Server Hierarchy
Operational Modes
NTP Clients
Configuring NTP Clients
Configuring NTP Servers
Securing NTP
NTP Packet Integrity
Useful NTP Commands

5. Kerberos Concepts and Components
Common Security Problems
Account Proliferation
The Kerberos Solution
Kerberos History
Kerberos Implementations
Kerberos Concepts
Kerberos Principals
Kerberos Safeguards
Kerberos Components
Authentication Process
Identification Types
Logging In
Gaining Privileges
Using Privileges
Kerberos Components and the KDC
Kerberized Services Review
Kerberized Clients
KDC Server Daemons
Configuration Files
Utilities Overview

6. Implementing Kerberos
Plan Topology
and Implementation
Kerberos 5 Client Software
Kerberos 5 Server Software
Synchronize Clocks
Create Master KDC
Configuring the Master KDC
KDC Logging
Kerberos Realm Defaults
Specifying [realms]
Specifying [domain_realm]
Allow Administrative Access
Create KDC Databases
Create Administrators
Install Keys for Services
Start Services
Add Host Principals
Add Common Service Principals
Configure Slave KDCs
Create Principals for Slaves
Define Slaves as KDCs
Copy Configuration to Slaves
Install Principals on Slaves
Create Stash on Slaves
Start Slave Daemons
Client Configuration
Install krb5.conf on Clients
Client PAM Configuration
Install Client Host Keys

7. Administering and using Kerberos
Administrative Tasks
Key Tables
Managing Keytabs
Managing Principals
Viewing Principals
Adding, Deleting, and Modifying Principals
Principal Policy
Overall Goals for Users
Signing In to Kerberos
Ticket types
Viewing Tickets
Removing Tickets
Changing Passwords
Giving Others Access
Using Kerberized Services
Kerberized FTP
Enabling Kerberized Services
OpenSSH and Kerberos

8. Securing the Filesystem
Filesystem Mount Options
NFS Properties
NFS Export Option
NFSv4 and GSSAPI Auth
Implementing NFSv4
Implementing Kerberos with NFS
GPG-GNU Privacy Guard
File Encryption with OpenSSL
File Encryption with encfs
Linux Unified Key Setup (LUKS)

Host Intrusion Detection Systems
Using RPM as a HIDS
Introduction to AIDE
AIDE Installation
AIDE Policies
AIDE Usage Chapter Section

10. Accountability with Kernel Audit
Accountability and Auditing
Simple Session Auditing
Simple Process Accounting & Command History
Kernel-Level Auditing
Configuring the Audit Daemon
Controlling Kernel Audit System
Creating Audit Rules
Searching Audit Logs
Generating Audit Log Reports
Audit Log Analysis

11. SELinux
Shortcomings of Traditional Unix Security
SELinux Goals
SELinux Evolution
SELinux Modes
Gathering Information
SELinux Virtual Filesystem
SELinux Contexts
Managing Contexts
The SELinux Policy
Choosing an SELinux Policy
Policy Layout
Tuning and Adapting Policy
Permissive Domains
Managing File Contexts
Managing Port Contexts
SELinux Policy Tools
Examining Policy
SELinux Troubleshooting

12. Securing Apache
Apache Overview
httpd.conf-Server Settings
Configuring CGI
Turning Off Unneeded Modules
Delegating Administration
Apache Access Controls (mod_access)
HTTP User Authentication
Standard Auth Modules
HTTP Digest Authentication
Authentication via SQL
Authentication via LDAP
Authentication via Kerberos
Scrubbing HTTP Headers
Metering HTTP Band

13. Securing PostgreSQL
PostgreSQL Overview
PostgreSQL Default Config
Configuring SSL
Client Authentication Basics
Advanced Authentication
Ident-based Authentication

14. Appendix A-Securing Email Systems
SMTP Implementations
Security Considerations
chrooting Postfix
Email with GSSAPI/Kerberos

Course Directory [training on all levels]

Upcoming Classes
Gain insight and ideas from students with different perspectives and experiences.

Linux Unix Uses & Stats

Linux Unix is Used For:
Desktop Mainframe Computers Mobile Devices Embedded Devices
Year Created
Linux supports many efficient tools and operates them seamlessly. Because it's architecture is lightweight it runs faster than both Windows 8.1 and 10. 
Because Linux is an open-source software,  anyone can contribute code to help enhance the users’ experience i.e., adding features, fixing bugs, reducing security risks, and more.
Software Development:
The terminal in Linux is a *wild card*. You can do almost anything with it. This includes software installation, application and server configurations, file system management, and etc.
Open-source projects benefit from having an attentive community. As a result, Linux is more secure than Windows. Instead of installing anti viruses to clean malware, you just have to stick to the recommended repositories. 
Developers have the convenience of running servers, training machine learning models, accessing remote machines, and compiling and running scripts from the same terminal window. 
Linux is free (you can put it on as many systems as you like) and you can change it to suit your needs.
Learning Curve: 
Linux is not for everyone, there is a learning curve in switching to Ubuntu. To actually learn Linux efficiently would take a user one to several years.
No Tech Support:
Unlike Windows, there isn’t a dedicated tech support, so getting help for things is up to you. 
Designer Compatabilty:
Linux is not as user friendly as Windows or as ‘straight out of the box design’ As an example for design choices, Adobe hasn’t released any of its products to Linux users. So it’s impossible to run them directly. The Ubuntu alternative is a free software called GIMP. 
Gaming Capabilities: 
Most games aren’t available in Linux. But that’s not to say you can’t make it happen, it's just not as easy.   
Linux Unix Job Market
Average Salary
Job Count
Top Job Locations

New York City
San Francisco 

Complimentary Skills to have along with Linux Unix
The following are types of jobs that may require Linux skills.  The top 15 job titles on Dice.com that mention Linux in their postings are:
- DevOps Engineer
- Software Engineer
- Java Developer
- Systems Engineer
- Systems Administrator
- Senior Software Engineer
- Network Engineer
- Python Developer
- Linux Systems Administrator
- Software Developer
- System Administrator
- Linux Administrator
- Linux Engineer
- Senior Java Developer
- C++ Developer

Interesting Reads Take a class with us and receive a book of your choosing for 50% off MSRP.